Vulnerabilities > CVE-2021-36190 - Unspecified vulnerability in Fortinet Fortiweb

CVSS 6.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

network

low complexity

fortinet

NVD

Published: 2021-12-08

Updated: 2023-08-08

Summary

A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests.

Vulnerable Configurations

Part	Description	Count
Application	Fortinet Fortinet Fortiweb 6.4.0 Fortinet Fortiweb 6.3.0 Fortinet Fortiweb 6.3.1 Fortinet Fortiweb 6.3.2 Fortinet Fortiweb 6.3.3 Fortinet Fortiweb 6.3.4 Fortinet Fortiweb 6.3.5 Fortinet Fortiweb 6.3.6 Fortinet Fortiweb 6.3.7 Fortinet Fortiweb 6.3.8 Fortinet Fortiweb 6.3.9 Fortinet Fortiweb 6.3.10 Fortinet Fortiweb 6.3.11 Fortinet Fortiweb 6.3.12 Fortinet Fortiweb 6.3.13 Fortinet Fortiweb 6.3.14 Fortinet Fortiweb 6.3.15 Fortinet Fortiweb 6.4.1 Fortinet Fortiweb 6.1.0 Fortinet Fortiweb 6.1.1 Fortinet Fortiweb 6.0.0 Fortinet Fortiweb 6.0.1 Fortinet Fortiweb 6.0.2 Fortinet Fortiweb 6.0.3 Fortinet Fortiweb 6.0.4 Fortinet Fortiweb 6.0.5 Fortinet Fortiweb 6.0.6 Fortinet Fortiweb 6.0.7 Fortinet Fortiweb 6.1.2 Fortinet Fortiweb 6.2.0 Fortinet Fortiweb 6.2.1 Fortinet Fortiweb 6.2.2 Fortinet Fortiweb 6.2.3 Fortinet Fortiweb 6.2.4 Fortinet Fortiweb 6.2.5 Fortinet Fortiweb 6.2.6	36

References

https://fortiguard.com/advisory/FG-IR-21-123