Unintended Proxy Vulnerability in Fortinet FortiWeb Affecting Multiple Versions
CVE-2021-36190
Summary
Fortinet FortiWeb contains an unintended proxy or intermediary vulnerability: an unauthenticated attacker can send crafted HTTP requests through the appliance to access protected hosts. The flaw affects multiple versions of FortiWeb and can expose sensitive data and systems to unauthorized access. Organizations running an affected version must assess their security posture and apply the necessary updates to mitigate the risk.
Affected Version(s)
Fortinet FortiWeb 6.4.1, 6.4.0, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0