How severe is CVE-2021-41030?

CVE-2021-41030 has a CVSS v3 score of 5.4 (MEDIUM).

CVE-2021-41030

Name: forticlient_enterprise_management_server
Author: fortinet

5.4MEDIUM

An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user

Published: 12/8/2021Updated: 11/21/2024

Description

An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages.

AI AnalysisPowered by AI

Affected Products

fortinetforticlient_enterprise_management_server

7.0.0

fortinetforticlient_enterprise_management_server

7.0.1

References

https://fortiguard.com/advisory/FG-IR-21-192
PatchVendor Advisory
https://fortiguard.com/advisory/FG-IR-21-192
PatchVendor Advisory