First published: Thu Feb 16 2023
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiProxy | >=1.0.0 <2.0.8 | |
Fortinet FortiProxy | >=7.0.0 <7.0.2 | |
Fortinet FortiWeb | >=6.0.0 <6.3.17 | |
Fortinet FortiWeb | >=6.4.0 <7.0.0 | |
Fortinet FortiOS | >=6.0.0 <6.4.9 | |
Fortinet FortiOS | >=7.0.0 <7.0.4 | |
Fortinet FortiSwitch | >=6.0.0 <6.4.11 | |
Fortinet FortiSwitch | >=7.0.0 <7.0.4 | |
Upgrade to FortiOS version 7.0.7 or above. Upgrade to FortiOS version 6.4.9 or above. Upgrade to FortiWeb version 7.0.0 or above. Upgrade to FortiWeb version 6.3.17 or above. Upgrade to FortiProxy version 7.0.7 or above. Upgrade to FortiProxy version 2.0.8 or above. Upgrade to FortiSwitch version 7.2.0 or above. Upgrade to FortiSwitch version 7.0.4 or above. Upgrade to FortiSwitch version 6.4.11 or above.
CVE-2021-43074 is an improper verification of cryptographic signature vulnerability in FortiWeb, FortiOS, and FortiSwitch products.
FortiWeb versions 6.4 and below, FortiOS versions 7.0.3 and below, and FortiSwitch versions 7.0.3 and below are affected by CVE-2021-43074.
CVE-2021-43074 has a severity score of 4.3 (medium).
To fix CVE-2021-43074 in FortiWeb, upgrade to a version higher than 6.4.8.
More information about CVE-2021-43074 can be found at the following link: [FortiGuard Security Advisory FG-IR-21-126](https://fortiguard.com/psirt/FG-IR-21-126)