CVE-2021-41025

08.12.2021, 19:15

Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer.

Race Condition

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.3 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
fortinet	CNA	7.3 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 72%

Vendor	Product	Version
fortinet	fortiweb	6.0.0 ≤ 𝑥 ≤ 6.0.7
fortinet	fortiweb	6.2.0 ≤ 𝑥 ≤ 6.2.6
fortinet	fortiweb	6.3.0 ≤ 𝑥 ≤ 6.3.15
fortinet	fortiweb	6.1.0
fortinet	fortiweb	6.1.1
fortinet	fortiweb	6.1.2
fortinet	fortiweb	6.4.0
fortinet	fortiweb	6.4.1
fortinet	fortiweb	6.4.2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

https://fortiguard.com/advisory/FG-IR-21-130