VYPR
Unrated severityNVD Advisory· Published Dec 8, 2021· Updated Oct 25, 2024

CVE-2021-41025

CVE-2021-41025

Description

Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer.

Affected products

2
  • Fortinet/Fortiwebllm-fuzzy2 versions
    <=6.4.1+ 1 more
    • (no CPE)range: <=6.4.1
    • (no CPE)range: FortiWeb 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.