描述
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.
AI分析AI驱动
受影响产品
fortinetfortiproxy
fortinetfortiproxy
fortinetfortiweb
fortinetfortiweb
fortinetfortios
fortinetfortios
fortinetfortiswitch
fortinetfortiswitch
参考资料
- https://fortiguard.com/psirt/FG-IR-21-126Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-21-126Vendor Advisory