An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.
References
History

Tue, 22 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2023-02-16T18:05:27.932Z

Updated: 2024-10-22T20:50:25.414Z

Reserved: 2021-10-28T21:06:26.048Z

Link: CVE-2021-43074

cve-icon Vulnrichment

Updated: 2024-08-04T03:47:13.419Z

cve-icon NVD

Status : Modified

Published: 2023-02-16T19:15:11.677

Modified: 2024-11-21T06:28:38.750

Link: CVE-2021-43074

cve-icon Redhat

No data.