{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T04:41:07.280","vulnerabilities":[{"cve":{"id":"CVE-2021-41025","sourceIdentifier":"psirt@fortinet.com","published":"2021-12-08T19:15:09.957","lastModified":"2024-11-21T06:25:17.647","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer."},{"lang":"es","value":"Múltiples vulnerabilidades en el mecanismo de autenticación de confd en las versiones 6.4.1, 6.4.0, 6.3.0 hasta 6.3.15, 6.2.0 hasta 6.2.6, 6.1.0 hasta 6.1.2, 6.0.0 hasta 6.0. 7, incluyendo una instancia de ejecución concurrente usando un recurso compartido con una sincronización no adecuada y una de omisión de autenticación por captura-repetición, puede permitir a un atacante remoto no autenticado omitir el proceso de autenticación y autenticarse como un peer legítimo del cluster"}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndIncluding":"6.0.7","matchCriteriaId":"C5931460-A0F1-4BED-ADEF-A48602EA747C"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndIncluding":"6.2.6","matchCriteriaId":"5F9F1235-608A-4301-904F-8CA38A153E88"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3.0","versionEndIncluding":"6.3.15","matchCriteriaId":"F59449EE-C44E-4EE7-80DC-5194A9B5B4CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:6.1.0:*:*:*:*:*:*:*","matchCriteriaId":"96B929BB-7B7A-40D2-AB13-D4FDD41FD159"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:6.1.1:*:*:*:*:*:*:*","matchCriteriaId":"1A3C5370-3453-4F07-B551-7E36F815578C"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:6.1.2:*:*:*:*:*:*:*","matchCriteriaId":"415AF153-2A59-488B-A78B-D98B7F39B5AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*","matchCriteriaId":"74A92A08-E6F6-4522-A6DA-061950AD3525"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*","matchCriteriaId":"A6A3D2C4-C3FA-4E12-9156-DAFEA4E00BCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:6.4.2:*:*:*:*:*:*:*","matchCriteriaId":"6775BE1F-184A-45D2-9D8D-AA8F40227988"}]}]}],"references":[{"url":"https://fortiguard.com/advisory/FG-IR-21-130","source":"psirt@fortinet.com","tags":["Patch","Vendor Advisory"]},{"url":"https://fortiguard.com/advisory/FG-IR-21-130","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}