PSIRT Advisories

FortiWeb - Multiple vulnerabilities in the authentication mechanism of confd

Summary

Multiple vulnerabilities in the authentication mechanism of FortiWeb's confd, including an instance of concurrent execution using shared resource with improper synchronization [CWE-362] and one of authentication bypass by capture-replay [CWE-294], may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer.

Affected Products

FortiWeb versions 6.4.1 and below.
FortiWeb versions 6.3.15 and below.
FortiWeb versions 6.2.6 and below.
FortiWeb versions 6.1.2 and below.
FortiWeb versions 6.3.15 and below.
FortiWeb versions 6.0.7 and below.

Solutions

Upgrade to FortiWeb 7.0.0 or above.
Upgrade to FortiWeb 6.4.2 or above.
Upgrade to FortiWeb 6.3.16 or above.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.