ID

VAR-202106-0668


CVE

CVE-2021-22130


TITLE

FortiProxy Out-of-bounds Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2021-007672

DESCRIPTION

A stack-based buffer overflow vulnerability in the FortiProxy physical appliance CLI, versions 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6 and 1.0.0 to 1.0.7, may allow an authenticated, remote attacker to perform a Denial of Service attack by running the `diagnose sys cpuset` command with a large cpuset mask value. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution. FortiProxy is vulnerable to an out-of-bounds write and may be put into a denial of service (DoS) state. Fortinet FortiProxy SSL VPN is application software from the United States company Fortinet. It provides an intrusion detection function. Fortinet FortiProxy SSL VPN has a buffer overflow vulnerability that stems from a boundary error in the FortiProxy physical appliance CLI. The following products and versions are affected: FortiProxy: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 2.0.0, 2.0.1

Trust: 2.34

sources: NVD: CVE-2021-22130 // JVNDB: JVNDB-2021-007672 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-380539 // VULMON: CVE-2021-22130

AFFECTED PRODUCTS

vendor: fortinet, model: fortiproxy, scope: lte, version: 1.0.7

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: lte, version: 1.1.6

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: gte, version: 2.0.0

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: gte, version: 1.0.0

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: lt, version: 2.0.2

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: gte, version: 1.2.0

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: gte, version: 1.1.0

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: lt, version: 1.2.10

Trust: 1.0

vendor: フォーティネット, model: fortiproxy, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: fortiproxy, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-007672 // NVD: CVE-2021-22130

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-22130
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-22130
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-22130
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-015
value: MEDIUM

Trust: 0.6

VULHUB: VHN-380539
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-22130
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-22130
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-380539
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-22130
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-22130
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-22130
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380539 // VULMON: CVE-2021-22130 // JVNDB: JVNDB-2021-007672 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-015 // NVD: CVE-2021-22130 // NVD: CVE-2021-22130

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.1

problemtype: Out-of-bounds write (CWE-787) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-380539 // JVNDB: JVNDB-2021-007672 // NVD: CVE-2021-22130

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-015

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: FG-IR-21-006, url: https://www.fortiguard.com/psirt/FG-IR-21-006

Trust: 0.8

sources: JVNDB: JVNDB-2021-007672

EXTERNAL IDS

db: NVD, id: CVE-2021-22130

Trust: 3.4

db: JVNDB, id: JVNDB-2021-007672

Trust: 0.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2021.1889

Trust: 0.6

db: CS-HELP, id: SB2021060123

Trust: 0.6

db: CNNVD, id: CNNVD-202106-015

Trust: 0.6

db: VULHUB, id: VHN-380539

Trust: 0.1

db: VULMON, id: CVE-2021-22130

Trust: 0.1

sources: VULHUB: VHN-380539 // VULMON: CVE-2021-22130 // JVNDB: JVNDB-2021-007672 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-015 // NVD: CVE-2021-22130

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-21-006

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2021-22130

Trust: 0.8

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021060123

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.1889

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-380539 // VULMON: CVE-2021-22130 // JVNDB: JVNDB-2021-007672 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-015 // NVD: CVE-2021-22130

SOURCES

db: VULHUB, id: VHN-380539
db: VULMON, id: CVE-2021-22130
db: JVNDB, id: JVNDB-2021-007672
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202106-015
db: NVD, id: CVE-2021-22130

LAST UPDATE DATE

2024-08-14T12:37:33.189000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-380539, date: 2021-06-11T00:00:00
db: VULMON, id: CVE-2021-22130, date: 2021-06-11T00:00:00
db: JVNDB, id: JVNDB-2021-007672, date: 2022-02-18T09:13:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202106-015, date: 2021-06-15T00:00:00
db: NVD, id: CVE-2021-22130, date: 2021-06-11T17:11:21.330

SOURCES RELEASE DATE

db: VULHUB, id: VHN-380539, date: 2021-06-03T00:00:00
db: VULMON, id: CVE-2021-22130, date: 2021-06-03T00:00:00
db: JVNDB, id: JVNDB-2021-007672, date: 2022-02-18T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202106-015, date: 2021-06-01T00:00:00
db: NVD, id: CVE-2021-22130, date: 2021-06-03T11:15:08.527