CVE-2021-41025

Published: 08/12/2021 Updated: 12/07/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 up to and including 6.3.15, 6.2.0 up to and including 6.2.6, 6.1.0 up to and including 6.1.2, 6.0.0 through 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated malicious user to circumvent the authentication process and authenticate as a legitimate cluster peer.

Vulnerable Product

fortinet fortiweb 6.4.0

fortinet fortiweb

fortinet fortiweb 6.4.1

fortinet fortiweb 6.1.0

fortinet fortiweb 6.1.1

fortinet fortiweb 6.1.2

fortinet fortiweb 6.4.2