Details of VAR-202106-0668

ID

VAR-202106-0668

CVE

CVE-2021-22130

TITLE

FortiProxy Out-of-bounds Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2021-007672

DESCRIPTION

A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the `diagnose sys cpuset` with a large cpuset mask value. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution. FortiProxy Is vulnerable to an out-of-bounds write.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiProxy SSL VPN is an application software of the United States (Fortinet) company. An intrusion detection function is provided. Fortinet FortiProxy SSL VPN has a buffer overflow vulnerability that stems from a boundary error in the FortiProxy physical appliance CLI. The following products and versions are affected: FortiProxy: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.1.0, 1.1.1, 1.1 .2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7 , 1.2.8, 1.2.9, 2.0.0, 2.0.1

Trust: 2.34

sources: NVD: CVE-2021-22130 // JVNDB: JVNDB-2021-007672 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-380539 // VULMON: CVE-2021-22130

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiproxy	scope:	lte	version:	1.0.7	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lte	version:	1.1.6	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	1.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	2.0.2	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	1.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	1.1.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	1.2.10	Trust: 1.0
vendor:	フォーティネット	model:	fortiproxy	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiproxy	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-007672 // NVD: CVE-2021-22130

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22130
value:	MEDIUM
Trust: 1.0
psirt@fortinet.com:	CVE-2021-22130
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-22130
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-015
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-380539
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-22130
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22130
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-380539
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-22130
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2021-22130
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22130
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-380539 // VULMON: CVE-2021-22130 // JVNDB: JVNDB-2021-007672 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-015 // NVD: CVE-2021-22130 // NVD: CVE-2021-22130

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	Out-of-bounds writing (CWE-787) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-380539 // JVNDB: JVNDB-2021-007672 // NVD: CVE-2021-22130

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-015

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:

FG-IR-21-006

url:

https://www.fortiguard.com/psirt/FG-IR-21-006

Trust: 0.8

sources: JVNDB: JVNDB-2021-007672

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22130	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-007672	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1889	Trust: 0.6
db:	CS-HELP	id:	SB2021060123	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-015	Trust: 0.6
db:	VULHUB	id:	VHN-380539	Trust: 0.1
db:	VULMON	id:	CVE-2021-22130	Trust: 0.1

sources: VULHUB: VHN-380539 // VULMON: CVE-2021-22130 // JVNDB: JVNDB-2021-007672 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-015 // NVD: CVE-2021-22130

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-21-006	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22130	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060123	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1889	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-380539 // VULMON: CVE-2021-22130 // JVNDB: JVNDB-2021-007672 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-015 // NVD: CVE-2021-22130

SOURCES

db:	VULHUB	id:	VHN-380539
db:	VULMON	id:	CVE-2021-22130
db:	JVNDB	id:	JVNDB-2021-007672
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-015
db:	NVD	id:	CVE-2021-22130

LAST UPDATE DATE

2024-08-14T12:37:33.189000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-380539	date:	2021-06-11T00:00:00
db:	VULMON	id:	CVE-2021-22130	date:	2021-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2021-007672	date:	2022-02-18T09:13:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-015	date:	2021-06-15T00:00:00
db:	NVD	id:	CVE-2021-22130	date:	2021-06-11T17:11:21.330

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-380539	date:	2021-06-03T00:00:00
db:	VULMON	id:	CVE-2021-22130	date:	2021-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2021-007672	date:	2022-02-18T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-015	date:	2021-06-01T00:00:00
db:	NVD	id:	CVE-2021-22130	date:	2021-06-03T11:15:08.527