Authentication Bypass Vulnerability in Fortinet FortiWeb Products
CVE-2021-41025
7.3HIGH
What is CVE-2021-41025?
Multiple vulnerabilities have been identified within the authentication mechanism of FortiWeb, impacting numerous versions. These vulnerabilities involve an instance of concurrent execution using a shared resource with improper synchronization, as well as authentication bypass via replay attacks. Successfully exploiting these issues could enable remote, unauthenticated attackers to evade authentication processes and gain unauthorized access as legitimate cluster peers, posing a significant threat to the security of affected systems.
Affected Version(s)
Fortinet FortiWeb FortiWeb 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7