Sign-up

ID

VAR-202107-0462


CVE

CVE-2021-22125


TITLE

FortiSandbox  In  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-009854

DESCRIPTION

An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file. FortiSandbox Has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.34

sources: NVD: CVE-2021-22125 // JVNDB: JVNDB-2021-009854 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-380534 // VULMON: CVE-2021-22125

AFFECTED PRODUCTS

vendor:fortinetmodel:fortisandboxscope:ltversion:3.2.2

Trust: 1.0

vendor:フォーティネットmodel:fortisandboxscope:eqversion: -

Trust: 0.8

vendor:フォーティネットmodel:fortisandboxscope:eqversion:3.2.2

Trust: 0.8

sources: JVNDB: JVNDB-2021-009854 // NVD: CVE-2021-22125

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22125
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-22125
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-22125
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202107-985
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-380534
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-22125
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-380534
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22125
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-22125
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.1
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-22125
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380534 // JVNDB: JVNDB-2021-009854 // CNNVD: CNNVD-202107-985 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-22125 // NVD: CVE-2021-22125

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:OS Command injection (CWE-78) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-380534 // JVNDB: JVNDB-2021-009854 // NVD: CVE-2021-22125

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-985

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202107-985

PATCH

title:FG-IR-21-005url:https://fortiguard.com/advisory/FG-IR-21-005

Trust: 0.8

title:Fortinet FortiSandbox Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156672

Trust: 0.6

sources: JVNDB: JVNDB-2021-009854 // CNNVD: CNNVD-202107-985

EXTERNAL IDS

db:NVDid:CVE-2021-22125

Trust: 3.4

db:JVNDBid:JVNDB-2021-009854

Trust: 0.8

db:CS-HELPid:SB2021071407

Trust: 0.6

db:AUSCERTid:ESB-2021.2385

Trust: 0.6

db:CNNVDid:CNNVD-202107-985

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:VULHUBid:VHN-380534

Trust: 0.1

db:VULMONid:CVE-2021-22125

Trust: 0.1

sources: VULHUB: VHN-380534 // VULMON: CVE-2021-22125 // JVNDB: JVNDB-2021-009854 // CNNVD: CNNVD-202107-985 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-22125

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-21-005

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-22125

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.2385

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071407

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-380534 // VULMON: CVE-2021-22125 // JVNDB: JVNDB-2021-009854 // CNNVD: CNNVD-202107-985 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-22125

SOURCES

db:VULHUBid:VHN-380534
db:VULMONid:CVE-2021-22125
db:JVNDBid:JVNDB-2021-009854
db:CNNVDid:CNNVD-202107-985
db:CNNVDid:CNNVD-202104-975
db:NVDid:CVE-2021-22125

LAST UPDATE DATE

2024-08-14T12:49:54.867000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-380534date:2022-05-03T00:00:00
db:VULMONid:CVE-2021-22125date:2021-07-20T00:00:00
db:JVNDBid:JVNDB-2021-009854date:2022-06-02T06:10:00
db:CNNVDid:CNNVD-202107-985date:2022-05-06T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:NVDid:CVE-2021-22125date:2022-05-03T16:04:40.443

SOURCES RELEASE DATE

db:VULHUBid:VHN-380534date:2021-07-20T00:00:00
db:VULMONid:CVE-2021-22125date:2021-07-20T00:00:00
db:JVNDBid:JVNDB-2021-009854date:2022-06-02T00:00:00
db:CNNVDid:CNNVD-202107-985date:2021-07-14T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:NVDid:CVE-2021-22125date:2021-07-20T11:15:11.340