CVE-2021-41025
Last modified
CVE-2021-41025 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer.. EPSS estimates a 1.44% chance of exploitation in the next 30 days.
Description
Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortiweb | >= 6.0.0, <= 6.0.7 |
| Fortinet | Fortiweb | >= 6.2.0, <= 6.2.6 |
| Fortinet | Fortiweb | >= 6.3.0, <= 6.3.15 |
| Fortinet | Fortiweb | 6.1.0 |
| Fortinet | Fortiweb | 6.1.1 |
| Fortinet | Fortiweb | 6.1.2 |
| Fortinet | Fortiweb | 6.4.0 |
| Fortinet | Fortiweb | 6.4.1 |
| Fortinet | Fortiweb | 6.4.2 |
References
- https://fortiguard.com/advisory/FG-IR-21-130Patch, Vendor Advisory
- https://fortiguard.com/advisory/FG-IR-21-130Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-41025?
How severe is CVE-2021-41025?
How do I fix CVE-2021-41025?
Are you affected by CVE-2021-41025?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST