admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/43xxx/CVE-2021-43074.json

195 lines
9.2 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2021-10-28 22:00:55 +00:00
{
"-Synchronized-Data."
2023-02-16 19:00:35 +00:00
"data_version": "4.0",
"-Synchronized-Data."
2021-10-28 22:00:55 +00:00
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-43074",
"-Synchronized-Data."
2023-02-16 19:00:35 +00:00
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
"-Synchronized-Data."
2021-10-28 22:00:55 +00:00
},
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2023-02-16 19:00:35 +00:00
"value": "An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure",
"cweId": "CWE-347"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiSwitch",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.3"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.10"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.7"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.7"
}
]
}
},
{
"product_name": "FortiWeb",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.2"
},
{
"version_affected": "<=",
"version_name": "6.3.0",
"version_value": "6.3.16"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.7"
},
{
"version_affected": "<=",
"version_name": "6.1.0",
"version_value": "6.1.3"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.8"
}
]
}
},
{
"product_name": "FortiProxy",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.1"
},
{
"version_affected": "<=",
"version_name": "2.0.0",
"version_value": "2.0.7"
},
{
"version_affected": "<=",
"version_name": "1.2.0",
"version_value": "1.2.13"
},
{
"version_affected": "<=",
"version_name": "1.1.0",
"version_value": "1.1.6"
},
{
"version_affected": "<=",
"version_name": "1.0.0",
"version_value": "1.0.7"
}
]
}
},
{
"product_name": "FortiOS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.3"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.8"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.12"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-21-126",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-21-126"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to FortiOS version 7.0.7 or above.\r\nUpgrade to FortiOS version 6.4.9\u00a0or above.\nUpgrade to FortiWeb version 7.0.0 or above.\r\nupgrade to FortiWeb version 6.3.17 or above.\nUpgrade to FortiProxy\u00a0version 7.0.7 or above.\r\nUpgrade to FortiProxy\u00a0version 2.0.8\u00a0or above.\nUpgrade to FortiSwitch\u00a0version 7.2.0 or above.\r\nUpgrade to FortiSwitch\u00a0version 7.0.4\u00a0or above.\r\nUpgrade to FortiSwitch\u00a0version 6.4.11\u00a0or above."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C"
"-Synchronized-Data."
2021-10-28 22:00:55 +00:00
}
]
}
}
Reference in New Issue Copy Permalink