CVE-2021-43074
4.3MEDIUMAn improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and belo
게시됨: 2/16/2023업데이트됨: 11/21/2024
설명
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.
AI 분석AI 기반
영향받는 제품
fortinetfortiproxy
fortinetfortiproxy
fortinetfortiweb
fortinetfortiweb
fortinetfortios
fortinetfortios
fortinetfortiswitch
fortinetfortiswitch
참조
- https://fortiguard.com/psirt/FG-IR-21-126Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-21-126Vendor Advisory