ID

VAR-202302-1352


CVE

CVE-2021-43074


TITLE

Digital signature validation vulnerability in multiple Fortinet products

Trust: 0.8

sources: JVNDB: JVNDB-2023-004474

DESCRIPTION

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter. Multiple Fortinet products, including FortiProxy, FortiWeb and FortiOS, contain a vulnerability related to digital signature validation. Information may be obtained.

Trust: 1.8

sources: NVD: CVE-2021-43074 // JVNDB: JVNDB-2023-004474 // VULHUB: VHN-404124 // VULMON: CVE-2021-43074

AFFECTED PRODUCTS

vendor: fortinet, model: fortios, scope: lt, version: 6.4.9

Trust: 1.0

vendor: fortinet, model: fortios, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lt, version: 6.3.17

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortiswitch, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortiswitch, scope: lt, version: 6.4.11

Trust: 1.0

vendor: fortinet, model: fortiswitch, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: lt, version: 7.0.2

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: gte, version: 1.0.0

Trust: 1.0

vendor: fortinet, model: fortiswitch, scope: lt, version: 7.0.4

Trust: 1.0

vendor: fortinet, model: fortios, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: lt, version: 2.0.8

Trust: 1.0

vendor: fortinet, model: fortios, scope: lt, version: 7.0.4

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lt, version: 7.0.0

vendor: Fortinet, model: fortiproxy, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortios, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortiswitch, scope: eq, version: 7.0.0 or later but before 7.0.4

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortiswitch, scope: eq, version: 6.0.0 or later but before 6.4.11

Trust: 0.8

sources: JVNDB: JVNDB-2023-004474 // NVD: CVE-2021-43074

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-43074
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-43074
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-43074
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202302-1452
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2021-43074
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2021-43074
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004474 // CNNVD: CNNVD-202302-1452 // NVD: CVE-2021-43074 // NVD: CVE-2021-43074

PROBLEMTYPE DATA

problemtype:CWE-347

Trust: 1.1

problemtype:Improper verification of digital signatures (CWE-347) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-404124 // JVNDB: JVNDB-2023-004474 // NVD: CVE-2021-43074

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1452

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202302-1452

PATCH

title: FG-IR-21-126, url: https://fortiguard.com/psirt/FG-IR-21-126

Trust: 0.8

title: Fortinet FortiSwitch and FortiWeb Repair measures for data forgery problem vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=226818

Trust: 0.6

sources: JVNDB: JVNDB-2023-004474 // CNNVD: CNNVD-202302-1452

EXTERNAL IDS

db: NVD, id: CVE-2021-43074

Trust: 3.4

db: JVNDB, id: JVNDB-2023-004474

Trust: 0.8

db: CNNVD, id: CNNVD-202302-1452

Trust: 0.6

db: VULHUB, id: VHN-404124

Trust: 0.1

db: VULMON, id: CVE-2021-43074

Trust: 0.1

sources: VULHUB: VHN-404124 // VULMON: CVE-2021-43074 // JVNDB: JVNDB-2023-004474 // CNNVD: CNNVD-202302-1452 // NVD: CVE-2021-43074

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-21-126

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-43074

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2021-43074/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-404124 // VULMON: CVE-2021-43074 // JVNDB: JVNDB-2023-004474 // CNNVD: CNNVD-202302-1452 // NVD: CVE-2021-43074

SOURCES

db: VULHUB, id: VHN-404124
db: VULMON, id: CVE-2021-43074
db: JVNDB, id: JVNDB-2023-004474
db: CNNVD, id: CNNVD-202302-1452
db: NVD, id: CVE-2021-43074

LAST UPDATE DATE

2024-08-14T14:49:19.202000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-404124, date: 2023-02-24T00:00:00
db: VULMON, id: CVE-2021-43074, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2023-004474, date: 2023-10-30T07:35:00
db: CNNVD, id: CNNVD-202302-1452, date: 2023-02-27T00:00:00
db: NVD, id: CVE-2021-43074, date: 2023-11-07T03:39:18.017

SOURCES RELEASE DATE

db: VULHUB, id: VHN-404124, date: 2023-02-16T00:00:00
db: VULMON, id: CVE-2021-43074, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2023-004474, date: 2023-10-30T00:00:00
db: CNNVD, id: CNNVD-202302-1452, date: 2023-02-16T00:00:00
db: NVD, id: CVE-2021-43074, date: 2023-02-16T19:15:11.677