Vulnerability Description
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortiproxy | >= 1.0.0, < 2.0.8 |
| Fortinet | Fortiweb | >= 6.0.0, < 6.3.17 |
| Fortinet | Fortios | >= 6.0.0, < 6.4.9 |
| Fortinet | Fortiswitch | >= 6.0.0, < 6.4.11 |
Related Weaknesses (CWE)
References
- https://fortiguard.com/psirt/FG-IR-21-126Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-21-126Vendor Advisory
FAQ
What is CVE-2021-43074?
CVE-2021-43074 is a vulnerability with a CVSS score of 4.3 (MEDIUM). An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and belo...
How severe is CVE-2021-43074?
CVE-2021-43074 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-43074?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortiproxy, Fortinet Fortiweb, Fortinet Fortios, Fortinet Fortiswitch.