説明
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.
AI分析AIによる分析
影響を受ける製品
fortinetfortiproxy
fortinetfortiproxy
fortinetfortiweb
fortinetfortiweb
fortinetfortios
fortinetfortios
fortinetfortiswitch
fortinetfortiswitch
参照
- https://fortiguard.com/psirt/FG-IR-21-126Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-21-126Vendor Advisory