Details of VAR-202107-0463

ID

VAR-202107-0463

CVE

CVE-2021-22129

TITLE

FortiMail Buffer Overflow Vulnerability in Linux

Trust: 0.8

sources: JVNDB: JVNDB-2021-008986

DESCRIPTION

Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. FortiMail Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.34

sources: NVD: CVE-2021-22129 // JVNDB: JVNDB-2021-008986 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-380538 // VULMON: CVE-2021-22129

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortimail	scope:	lte	version:	5.4.12	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lt	version:	6.0.11	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lt	version:	6.4.5	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	5.6.1	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lt	version:	6.2.7	Trust: 1.0
vendor:	フォーティネット	model:	fortimail	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortimail	scope:	eq	version:	6.4.5	Trust: 0.8
vendor:	フォーティネット	model:	fortimail	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-008986 // NVD: CVE-2021-22129

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22129
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2021-22129
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-22129
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202107-556
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-380538
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-22129
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22129
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-380538
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-22129
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-008986
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-380538 // VULMON: CVE-2021-22129 // JVNDB: JVNDB-2021-008986 // CNNVD: CNNVD-202107-556 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-22129 // NVD: CVE-2021-22129

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.1
problemtype:	Classic buffer overflow (CWE-120) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-380538 // JVNDB: JVNDB-2021-008986 // NVD: CVE-2021-22129

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-556

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202107-556

PATCH

title:

FG-IR-21-023

url:

https://fortiguard.com/advisory/FG-IR-21-023

Trust: 0.8

sources: JVNDB: JVNDB-2021-008986

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22129	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-008986	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.2380	Trust: 0.6
db:	CS-HELP	id:	SB2021071352	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-556	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULHUB	id:	VHN-380538	Trust: 0.1
db:	VULMON	id:	CVE-2021-22129	Trust: 0.1

sources: VULHUB: VHN-380538 // VULMON: CVE-2021-22129 // JVNDB: JVNDB-2021-008986 // CNNVD: CNNVD-202107-556 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-22129

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-21-023	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22129	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.2380	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021071352	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/120.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-380538 // VULMON: CVE-2021-22129 // JVNDB: JVNDB-2021-008986 // CNNVD: CNNVD-202107-556 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-22129

SOURCES

db:	VULHUB	id:	VHN-380538
db:	VULMON	id:	CVE-2021-22129
db:	JVNDB	id:	JVNDB-2021-008986
db:	CNNVD	id:	CNNVD-202107-556
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-22129

LAST UPDATE DATE

2024-08-14T12:23:10.474000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-380538	date:	2021-07-12T00:00:00
db:	VULMON	id:	CVE-2021-22129	date:	2021-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2021-008986	date:	2022-04-01T09:05:00
db:	CNNVD	id:	CNNVD-202107-556	date:	2021-07-15T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-22129	date:	2021-07-12T13:55:46.827

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-380538	date:	2021-07-09T00:00:00
db:	VULMON	id:	CVE-2021-22129	date:	2021-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-008986	date:	2022-04-01T00:00:00
db:	CNNVD	id:	CNNVD-202107-556	date:	2021-07-09T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-22129	date:	2021-07-09T19:15:08.073