Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer.
History

Fri, 25 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2021-12-08T18:46:00

Updated: 2024-10-25T13:38:26.805Z

Reserved: 2021-09-13T00:00:00

Link: CVE-2021-41025

cve-icon Vulnrichment

Updated: 2024-08-04T02:59:30.994Z

cve-icon NVD

Status : Modified

Published: 2021-12-08T19:15:09.957

Modified: 2024-11-21T06:25:17.647

Link: CVE-2021-41025

cve-icon Redhat

No data.