Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/advisory/FG-IR-21-130 |
History
Fri, 25 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2021-12-08T18:46:00
Updated: 2024-10-25T13:38:26.805Z
Reserved: 2021-09-13T00:00:00
Link: CVE-2021-41025
Vulnrichment
Updated: 2024-08-04T02:59:30.994Z
NVD
Status : Modified
Published: 2021-12-08T19:15:09.957
Modified: 2024-11-21T06:25:17.647
Link: CVE-2021-41025
Redhat
No data.