
CVE-2021-41025

CVSS Severity Score: 7.3 (HIGH)
EPSS Score: 0.0150%
EPSS Percentile: 36.98th
Published: December 8, 2021
Last Modified: November 21, 2024

Vulnerability Description

Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer.

Affected Platforms (CPE)

Fortinet Fortiweb: >= 6.0.0 and <= 6.0.7
Fortinet Fortiweb: >= 6.2.0 and <= 6.2.6
Fortinet Fortiweb: >= 6.3.0 and <= 6.3.15
Fortinet Fortiweb: = 6.1.0
Fortinet Fortiweb: = 6.1.1
Fortinet Fortiweb: = 6.1.2
Fortinet Fortiweb: = 6.4.0
Fortinet Fortiweb: = 6.4.1
Fortinet Fortiweb: = 6.4.2
