Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer.
References
Link | Resource |
---|---|
https://fortiguard.com/advisory/FG-IR-21-130 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: fortinet
Published: 2021-12-08T18:46:00
Updated: 2021-12-08T18:46:00
Reserved: 2021-09-13T00:00:00
Link: CVE-2021-41025
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-12-08T19:15:09.957
Modified: 2022-07-12T17:42:04.277
Link: CVE-2021-41025
JSON object: View
Redhat Information
No data.
CWE