Authentication flaw

2021-12-0819:15:00

PRIOn knowledge base

www.prio-n.com

9.7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

JSON

Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer.

CPENameOperatorVersion
fortiwebeq6.4.0
fortiwebge6.3.0
fortiweble6.3.15
fortiwebeq6.4.1
fortiwebeq6.1.0
fortiwebeq6.1.1
fortiwebge6.0.0
fortiweble6.0.7
fortiwebeq6.1.2
fortiwebge6.2.0

Name	Operator	Version
fortiweb	eq	6.4.0
fortiweb	ge	6.3.0
fortiweb	le	6.3.15
fortiweb	eq	6.4.1
fortiweb	eq	6.1.0
fortiweb	eq	6.1.1
fortiweb	ge	6.0.0
fortiweb	le	6.0.7
fortiweb	eq	6.1.2
fortiweb	ge	6.2.0

Rows per page:

1-10 of 121

References

fortiguard.com/advisory/FG-IR-21-130