CVE-2021-42761
published 2023-02-16


Priority: P261
Severity: critical, CVSS 3.1 base score 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.47% (70.4th percentile)
A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session.

Affected

17 ranges
Vendor    Product   Version range       Fixed in
fortinet  fortiweb  (no range given)
fortinet  fortiweb  >= 5.6.0 < 5.9.2    5.9.2
fortinet  fortiweb  5.6.0 – 5.6.2
fortinet  fortiweb  5.7.0 – 5.7.3
fortinet  fortiweb  5.8.0 – 5.8.3
fortinet  fortiweb  5.8.5 – 5.8.7
fortinet  fortiweb  5.9.0 – 5.9.1
fortinet  fortiweb  >= 6.0.0 < 6.0.8    6.0.8
fortinet  fortiweb  6.0.0 – 6.0.7
fortinet  fortiweb  >= 6.1.0 < 6.1.3    6.1.3
fortinet  fortiweb  6.1.0 – 6.1.2
fortinet  fortiweb  >= 6.2.0 < 6.2.7    6.2.7
fortinet  fortiweb  6.2.0 – 6.2.6
fortinet  fortiweb  >= 6.3.0 < 6.3.17   6.3.17
fortinet  fortiweb  6.3.0 – 6.3.16
fortinet  fortiweb  >= 6.4.0 < 7.0.0    7.0.0
fortinet  fortiweb  6.4.0 – 6.4.2

Detection & IOCs (extracted from sources)

  • Target product is FortiWeb; monitor for session fixation attempts against FortiWeb session management — an unauthenticated attacker may attempt to infer or reuse session identifiers of authenticated users
  • CWE-384 (Session Fixation) — look for anomalous session token reuse or session ID patterns that appear predictable/sequential in FortiWeb access logs, particularly from unauthenticated source IPs
  • All FortiWeb 6.4.x versions are affected; also affected are 6.3.0–6.3.16, 6.2.0–6.2.6, 6.1.0–6.1.2, 6.0.0–6.0.7, and 5.9.0–5.9.1 — verify patched versions are deployed
  • CVSS score is 9.0 (Critical) and exploitation requires no authentication, making unpatched internet-facing FortiWeb instances high-priority targets
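As an added example that is not part of the CVE record, the following inventory check maps a FortiWeb version string onto the open ranges (">= a < b" with their fixed-in release) from the table above, so a fleet list can be triaged against this advisory; the host names and versions in the usage block are constructed.

```python
# Added example (not from the CVE record): decide whether a FortiWeb version
# falls inside one of the affected ranges listed for CVE-2021-42761.
# Ranges are taken from the ">= a < b / fixed in" rows of the affected table.
from typing import Optional, Tuple

AFFECTED_RANGES = [
    # (first affected release, first fixed release)
    ("5.6.0", "5.9.2"),
    ("6.0.0", "6.0.8"),
    ("6.1.0", "6.1.3"),
    ("6.2.0", "6.2.7"),
    ("6.3.0", "6.3.17"),
    ("6.4.0", "7.0.0"),
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '6.3.16' into (6, 3, 16) so ranges compare numerically, not as strings.
    Short forms such as '6.3' are padded to three components ('6.3.0')."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {v!r}")
    nums = [int(p) for p in parts]
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def fixed_version_for(version: str) -> Optional[str]:
    """Return the first fixed release for an affected version, or None when the
    version lies outside every affected range (already patched or never affected)."""
    ver = parse_version(version)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if parse_version(first_affected) <= ver < parse_version(first_fixed):
            return first_fixed
    return None


def is_affected(version: str) -> bool:
    return fixed_version_for(version) is not None


if __name__ == "__main__":
    # Constructed inventory for illustration, not real hosts.
    inventory = {"waf-01": "6.3.16", "waf-02": "6.3.17", "waf-03": "7.0.1", "waf-04": "5.8.4"}
    for host, ver in inventory.items():
        fix = fixed_version_for(ver)
        print(f"{host}: FortiWeb {ver} -> {'upgrade to ' + fix if fix else 'not affected'}")
```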