Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
N/A
Vulnerability Title
FortiGate 信任管理问题漏洞
Vulnerability Description
Fortinet FortiGate是美国飞塔(Fortinet)公司的一套网络安全平台。该平台提供防火墙、防病毒和入侵防御(IPS)、应用控制、反垃圾邮件、无线控制器和广域网加速等功能。 FortiGate存在信任管理问题漏洞,该漏洞源于在连接到 SSL-VPN 时对用户证书的信任链的验证不当。拥有受信任证书管理局签署的任何证书的远程 LDAP 用户可以连接到 VPN 服务器。攻击者可利用默认密码或者硬编码密码、硬编码证书等攻击受影响组件。以下产品及版本受到影响:FortiGate: 6.4.0, 6.
CVSS Information
N/A
Vulnerability Type
N/A