The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
Base Score: 3.3
Impact Score: 2.9
Exploitability Score: 6.5
Base Score: 6.5
Impact Score: 3.6
Exploitability Score: 2.8
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions up to 6.2.0 (inclusive)