CVE-2021-43074

CWE-3474 documents4 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 61.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortiproxy Fortinet Fortiswitch +1 more

Timeline

PublishedFeb 16

Description

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages8 packages

▶NVDfortinet/fortios6.0.0 — 6.4.9+1

▶NVDfortinet/fortiweb6.0.0 — 6.3.17+1

▶NVDfortinet/fortiproxy1.0.0 — 2.0.8+1

▶NVDfortinet/fortiswitch6.0.0 — 6.4.11+1

▶CVEListV5fortinet/fortios7.0.0 — 7.0.3+3

🔴Vulnerability Details

CVEList

CVE-2021-43074: An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6↗2023-02-16

▶

GHSA

GHSA-wcqx-g82p-992c: An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6↗2023-02-16

▶

📋Vendor Advisories

Fortinet

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and bel...↗2023-02-16

▶