CVE-2021-42761

A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://fortiguard.com/psirt/FG-IR-21-214	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:fortiweb::::::::
	cpe:2.3:a:fortinet:fortiweb::::::::
	cpe:2.3:a:fortinet:fortiweb::::::::
	cpe:2.3:a:fortinet:fortiweb::::::::
	cpe:2.3:a:fortinet:fortiweb::::::::
	cpe:2.3:a:fortinet:fortiweb::::::::

History

24 Feb 2023, 23:47

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-02-16 19:15

Updated : 2024-02-04 23:14

NVD link : CVE-2021-42761

Mitre link : CVE-2021-42761

CVE.ORG link : CVE-2021-42761

JSON object : View

Products Affected

fortinet

fortiweb

CWE

CWE-384

Session Fixation

{"id": "CVE-2021-42761", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.2}]}, "published": "2023-02-16T19:15:11.603", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-21-214", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-384"}]}, {"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "A condition\u00a0for session\u00a0fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session."}], "lastModified": "2023-11-07T03:39:14.687", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8FDE2B1-1E8E-4DA7-B545-487914EF232D", "versionEndExcluding": "5.9.2", "versionStartIncluding": "5.6.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BE261E5-059D-4B89-893A-458E0B40CFD9", "versionEndExcluding": "6.0.8", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EFA8AB9-2777-471C-A1DA-635BDACE2F10", "versionEndExcluding": "6.1.3", "versionStartIncluding": "6.1.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "919112F8-1479-45F0-BE4D-91112143D2AF", "versionEndExcluding": "6.2.7", "versionStartIncluding": "6.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B1B7CFD-96E5-40EA-9CBC-48D0255081BD", "versionEndExcluding": "6.3.17", "versionStartIncluding": "6.3.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1725A170-7445-459F-A682-A9EA13470393", "versionEndExcluding": "7.0.0", "versionStartIncluding": "6.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}