Home

Description

Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer.

PUBLISHED Reserved 2021-09-13 | Published 2021-12-08 | Updated 2024-10-25 | Assigner fortinet




HIGH: 7.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C

Problem types

Improper access control

Product status

FortiWeb 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7
affected

References

fortiguard.com/advisory/FG-IR-21-130

fortiguard.com/advisory/FG-IR-21-130

cve.org (CVE-2021-41025)

nvd.nist.gov (CVE-2021-41025)

Download JSON