ID

VAR-202105-0663


CVE

CVE-2021-24011


TITLE

FortiNAC vulnerability in privilege management

Trust: 0.8

sources: JVNDB: JVNDB-2021-006797

DESCRIPTION

A privilege escalation vulnerability in FortiNAC versions below 8.8.2 may allow an admin user to escalate privileges to root by abusing sudo privileges. FortiNAC contains a privilege management vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. FortiNAC has a permissions and access control vulnerability that stems from the incorrect application of security restrictions. This vulnerability allows remote users to elevate privileges on the system. The following products and versions are affected: FortiNAC: 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.3.5, 8.3.6, 8.3.7, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.6.4, 8.6.5, 8.7.0, 8.7.1, 8.7.2, 8.7.4, 8.7.5, 8.7.6, 8.8.0, 8.8.1.

Trust: 2.88

sources: NVD: CVE-2021-24011 // JVNDB: JVNDB-2021-006797 // CNNVD: CNNVD-202105-180 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-382729 // VULMON: CVE-2021-24011

AFFECTED PRODUCTS

vendor: fortinet, model: fortinac, scope: lt, version: 8.8.2

Trust: 1.0

vendor: Fortinet, model: fortinac, scope: eq, version: 8.8.2

Trust: 0.8

vendor: Fortinet, model: fortinac, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-006797 // NVD: CVE-2021-24011

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-24011
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-24011
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-24011
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202105-180
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-382729
value: HIGH

Trust: 0.1

VULMON: CVE-2021-24011
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-24011
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-382729
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-24011
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-24011
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-24011
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-382729 // VULMON: CVE-2021-24011 // JVNDB: JVNDB-2021-006797 // CNNVD: CNNVD-202105-180 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-24011 // NVD: CVE-2021-24011

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Improper Privilege Management (CWE-269) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-006797 // NVD: CVE-2021-24011

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-180

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202105-180

PATCH

title: FG-IR-20-038, url: https://www.fortiguard.com/psirt/FG-IR-20-038

Trust: 0.8

title: Fortinet FortiNAC Fixes for permissions and access control issues vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151200

Trust: 0.6

sources: JVNDB: JVNDB-2021-006797 // CNNVD: CNNVD-202105-180

EXTERNAL IDS

db: NVD, id: CVE-2021-24011

Trust: 3.4

db: JVNDB, id: JVNDB-2021-006797

Trust: 0.8

db: AUSCERT, id: ESB-2021.1510

Trust: 0.6

db: CS-HELP, id: SB2021050506

Trust: 0.6

db: CNNVD, id: CNNVD-202105-180

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: VULHUB, id: VHN-382729

Trust: 0.1

db: VULMON, id: CVE-2021-24011

Trust: 0.1

sources: VULHUB: VHN-382729 // VULMON: CVE-2021-24011 // JVNDB: JVNDB-2021-006797 // CNNVD: CNNVD-202105-180 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-24011

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-20-038

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-24011

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.1510

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021050506

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-382729 // VULMON: CVE-2021-24011 // JVNDB: JVNDB-2021-006797 // CNNVD: CNNVD-202105-180 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-24011

SOURCES

db: VULHUB, id: VHN-382729
db: VULMON, id: CVE-2021-24011
db: JVNDB, id: JVNDB-2021-006797
db: CNNVD, id: CNNVD-202105-180
db: CNNVD, id: CNNVD-202104-975
db: NVD, id: CVE-2021-24011

LAST UPDATE DATE

2024-08-14T12:07:14.793000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-382729, date: 2022-05-03T00:00:00
db: VULMON, id: CVE-2021-24011, date: 2021-05-19T00:00:00
db: JVNDB, id: JVNDB-2021-006797, date: 2022-01-20T07:25:00
db: CNNVD, id: CNNVD-202105-180, date: 2022-05-05T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-24011, date: 2022-05-03T16:04:40.443

SOURCES RELEASE DATE

db: VULHUB, id: VHN-382729, date: 2021-05-10T00:00:00
db: VULMON, id: CVE-2021-24011, date: 2021-05-10T00:00:00
db: JVNDB, id: JVNDB-2021-006797, date: 2022-01-20T00:00:00
db: CNNVD, id: CNNVD-202105-180, date: 2021-05-05T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-24011, date: 2021-05-10T12:15:07.640