CVE-2021-41025

CVE Database · CVE-2021-41025

CVE-2021-41025

· HIGHModified

CVSS v3.1

7.3

EPSS

1.44%

Published

Dec 8, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Weaknesses (CWE)

CWE-362

Affected Products (9)

fortinet · fortiwebvulnerable

References (2)

https://fortiguard.com/advisory/FG-IR-21-130

PatchVendor Advisory

https://fortiguard.com/advisory/FG-IR-21-130

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs