Lucene search

[email protected]NVD:CVE-2021-42761

HistoryFeb 16, 2023 - 7:15 p.m.

CVE-2021-42761

2023-02-1619:15:11

CWE-384

[email protected]

web.nvd.nist.gov

fortiweb

session management

vulnerability

cwe-384

remote attacker

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.0%

JSON

A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session.

Affected configurations

NVD

Node

fortinetfortiwebRange5.6.0–5.9.2

fortinetfortiwebRange6.0.0–6.0.8

fortinetfortiwebRange6.1.0–6.1.3

fortinetfortiwebRange6.2.0–6.2.7

fortinetfortiwebRange6.3.0–6.3.17

fortinetfortiwebRange6.4.0–7.0.0

References

fortiguard.com/psirt/FG-IR-21-214

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.0%

JSON

Related for NVD:CVE-2021-42761

cvelist1 nessus1 prion1 cve1 fortinet1