First published: Wed Dec 08 2021
Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, and 6.0.0 through 6.0.7, including an instance of concurrent execution using a shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiWeb | >=6.0.0, <=6.0.7 | |
| Fortinet FortiWeb | >=6.2.0, <=6.2.6 | |
| Fortinet FortiWeb | >=6.3.0, <=6.3.15 | |
| Fortinet FortiWeb | =6.1.0 | |
| Fortinet FortiWeb | =6.1.1 | |
| Fortinet FortiWeb | =6.1.2 | |
| Fortinet FortiWeb | =6.4.0 | |
| Fortinet FortiWeb | =6.4.1 | |
| Fortinet FortiWeb | =6.4.2 | |
CVE-2021-41025 is a vulnerability in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, and 6.0.0 through 6.0.7.
CVE-2021-41025 has a severity rating of 9.8 (critical).
CVE-2021-41025 affects FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, and 6.0.0 through 6.0.7.
The CWE (Common Weakness Enumeration) of CVE-2021-41025 is CWE-362, concurrent execution using a shared resource with improper synchronization (a race condition).
To fix CVE-2021-41025, apply the security patches provided by Fortinet for the affected FortiWeb versions.