FortiWeb - Multiple vulnerabilities in the authentication mechanism of confd
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-21-130
Final
1
1
2021-12-07T00:00:00
Current version
2021-12-07T00:00:00
2021-12-07T00:00:00
Multiple vulnerabilities in the authentication mechanism of FortiWeb's confd, including an instance of concurrent execution using shared resource with improper synchronization [CWE-362] and one of authentication bypass by capture-replay [CWE-294], may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer.
None
Improper access control
FortiWeb versions 6.4.1 and below. FortiWeb versions 6.3.15 and below. FortiWeb versions 6.2.6 and below. FortiWeb versions 6.1.2 and below. FortiWeb versions 6.3.15 and below. FortiWeb versions 6.0.7 and below. FortiADC versions 7.0.2 and below. FortiADC versions 6.2.4 and below. FortiADC 6.1, 6.0, 5.4, 5.3, 5.2,5.1,5.0 all versions
Please upgrade to FortiWeb 7.0.0 or above. Please upgrade to FortiWeb 6.4.2 or above. Please upgrade to FortiWeb 6.3.16 or above. Please upgrade to FortiADC version 7.1.0 or above Please upgrade to FortiADC version 7.0.3 or above Please upgrade to FortiADC version 6.2.5 or above
Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.
FortiADC 7.0.2
FortiADC 7.0.1
FortiADC 7.0.0
FortiADC 6.2.4
FortiADC 6.2.3
FortiADC 6.2.2
FortiADC 6.2.1
FortiADC 6.2.0
FortiADC 6.1.6
FortiADC 6.1.5
FortiADC 6.1.4
FortiADC 6.1.3
FortiADC 6.1.2
FortiADC 6.1.1
FortiADC 6.1.0
FortiADC 6.0.4
FortiADC 6.0.3
FortiADC 6.0.2
FortiADC 6.0.1
FortiADC 6.0.0
FortiADC 5.4.5
FortiADC 5.4.4
FortiADC 5.4.3
FortiADC 5.4.2
FortiADC 5.4.1
FortiADC 5.4.0
FortiADC 5.3.7
FortiADC 5.3.6
FortiADC 5.3.5
FortiADC 5.3.4
FortiADC 5.3.3
FortiADC 5.3.2
FortiADC 5.3.1
FortiADC 5.3.0
FortiADC 5.2.8
FortiADC 5.2.7
FortiADC 5.2.6
FortiADC 5.2.5
FortiADC 5.2.4
FortiADC 5.2.3
FortiADC 5.2.2
FortiADC 5.2.1
FortiADC 5.2.0
FortiADC 5.1.7
FortiADC 5.1.6
FortiADC 5.1.5
FortiADC 5.1.4
FortiADC 5.1.3
FortiADC 5.1.2
FortiADC 5.1.1
FortiADC 5.1.0
FortiADC 5.0.4
FortiADC 5.0.3
FortiADC 5.0.2
FortiADC 5.0.1
FortiADC 5.0.0
FortiWeb 6.4.1
FortiWeb 6.4.0
FortiWeb 6.3.15
FortiWeb 6.3.14
FortiWeb 6.3.13
FortiWeb 6.3.12
FortiWeb 6.3.11
FortiWeb 6.3.10
FortiWeb 6.3.9
FortiWeb 6.3.8
FortiWeb 6.3.7
FortiWeb 6.3.6
FortiWeb 6.3.5
FortiWeb 6.3.4
FortiWeb 6.3.3
FortiWeb 6.3.2
FortiWeb 6.3.1
FortiWeb 6.3.0
FortiWeb 6.2.8
FortiWeb 6.2.7
FortiWeb 6.2.6
FortiWeb 6.2.5
FortiWeb 6.2.4
FortiWeb 6.2.3
FortiWeb 6.2.2
FortiWeb 6.2.1
FortiWeb 6.2.0
FortiWeb 6.1.4
FortiWeb 6.1.3
FortiWeb 6.1.2
FortiWeb 6.1.1
FortiWeb 6.1.0
FortiWeb 6.0.8
FortiWeb 6.0.7
FortiWeb 6.0.6
FortiWeb 6.0.5
FortiWeb 6.0.4
FortiWeb 6.0.3
FortiWeb 6.0.2
FortiWeb 6.0.1
FortiWeb 6.0.0
FortiWeb - Multiple vulnerabilities in the authentication mechanism of confd
CVE-2021-41025
FortiADC-7.0.2
FortiADC-7.0.1
FortiADC-7.0.0
FortiADC-6.2.4
FortiADC-6.2.3
FortiADC-6.2.2
FortiADC-6.2.1
FortiADC-6.2.0
FortiADC-6.1.6
FortiADC-6.1.5
FortiADC-6.1.4
FortiADC-6.1.3
FortiADC-6.1.2
FortiADC-6.1.1
FortiADC-6.1.0
FortiADC-6.0.4
FortiADC-6.0.3
FortiADC-6.0.2
FortiADC-6.0.1
FortiADC-6.0.0
FortiADC-5.4.5
FortiADC-5.4.4
FortiADC-5.4.3
FortiADC-5.4.2
FortiADC-5.4.1
FortiADC-5.4.0
FortiADC-5.3.7
FortiADC-5.3.6
FortiADC-5.3.5
FortiADC-5.3.4
FortiADC-5.3.3
FortiADC-5.3.2
FortiADC-5.3.1
FortiADC-5.3.0
FortiADC-5.2.8
FortiADC-5.2.7
FortiADC-5.2.6
FortiADC-5.2.5
FortiADC-5.2.4
FortiADC-5.2.3
FortiADC-5.2.2
FortiADC-5.2.1
FortiADC-5.2.0
FortiADC-5.1.7
FortiADC-5.1.6
FortiADC-5.1.5
FortiADC-5.1.4
FortiADC-5.1.3
FortiADC-5.1.2
FortiADC-5.1.1
FortiADC-5.1.0
FortiADC-5.0.4
FortiADC-5.0.3
FortiADC-5.0.2
FortiADC-5.0.1
FortiADC-5.0.0
FortiWeb-6.4.1
FortiWeb-6.4.0
FortiWeb-6.3.15
FortiWeb-6.3.14
FortiWeb-6.3.13
FortiWeb-6.3.12
FortiWeb-6.3.11
FortiWeb-6.3.10
FortiWeb-6.3.9
FortiWeb-6.3.8
FortiWeb-6.3.7
FortiWeb-6.3.6
FortiWeb-6.3.5
FortiWeb-6.3.4
FortiWeb-6.3.3
FortiWeb-6.3.2
FortiWeb-6.3.1
FortiWeb-6.3.0
FortiWeb-6.2.8
FortiWeb-6.2.7
FortiWeb-6.2.6
FortiWeb-6.2.5
FortiWeb-6.2.4
FortiWeb-6.2.3
FortiWeb-6.2.2
FortiWeb-6.2.1
FortiWeb-6.2.0
FortiWeb-6.1.4
FortiWeb-6.1.3
FortiWeb-6.1.2
FortiWeb-6.1.1
FortiWeb-6.1.0
FortiWeb-6.0.8
FortiWeb-6.0.7
FortiWeb-6.0.6
FortiWeb-6.0.5
FortiWeb-6.0.4
FortiWeb-6.0.3
FortiWeb-6.0.2
FortiWeb-6.0.1
FortiWeb-6.0.0
6.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-21-130
FortiWeb - Multiple vulnerabilities in the authentication mechanism of confd
Reference>