ID

VAR-202107-0463


CVE

CVE-2021-22129


TITLE

FortiMail Buffer Overflow Vulnerability in Linux

Trust: 0.8

sources: JVNDB: JVNDB-2021-008986

DESCRIPTION

Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. FortiMail contains a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 2.34

sources: NVD: CVE-2021-22129 // JVNDB: JVNDB-2021-008986 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-380538 // VULMON: CVE-2021-22129

AFFECTED PRODUCTS

vendor: fortinet, model: fortimail, scope: lte, version: 5.4.12

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lt, version: 6.0.11

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lt, version: 6.4.5

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 5.6.1

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lt, version: 6.2.7

Trust: 1.0

vendor: フォーティネット, model: fortimail, scope: -, version: -

Trust: 0.8

vendor: フォーティネット, model: fortimail, scope: eq, version: 6.4.5

Trust: 0.8

vendor: フォーティネット, model: fortimail, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-008986 // NVD: CVE-2021-22129

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22129
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-22129
value: HIGH

Trust: 1.0

NVD: CVE-2021-22129
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202107-556
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-380538
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-22129
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22129
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-380538
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22129
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-008986
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380538 // VULMON: CVE-2021-22129 // JVNDB: JVNDB-2021-008986 // CNNVD: CNNVD-202107-556 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-22129 // NVD: CVE-2021-22129

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.1

problemtype: Classic buffer overflow (CWE-120) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-380538 // JVNDB: JVNDB-2021-008986 // NVD: CVE-2021-22129

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-556

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202107-556

PATCH

title: FG-IR-21-023, url: https://fortiguard.com/advisory/FG-IR-21-023

Trust: 0.8

sources: JVNDB: JVNDB-2021-008986

EXTERNAL IDS

db: NVD, id: CVE-2021-22129

Trust: 3.4

db: JVNDB, id: JVNDB-2021-008986

Trust: 0.8

db: AUSCERT, id: ESB-2021.2380

Trust: 0.6

db: CS-HELP, id: SB2021071352

Trust: 0.6

db: CNNVD, id: CNNVD-202107-556

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: VULHUB, id: VHN-380538

Trust: 0.1

db: VULMON, id: CVE-2021-22129

Trust: 0.1

sources: VULHUB: VHN-380538 // VULMON: CVE-2021-22129 // JVNDB: JVNDB-2021-008986 // CNNVD: CNNVD-202107-556 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-22129

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-21-023

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-22129

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.2380

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071352

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/120.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-380538 // VULMON: CVE-2021-22129 // JVNDB: JVNDB-2021-008986 // CNNVD: CNNVD-202107-556 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-22129

SOURCES

db: VULHUB, id: VHN-380538
db: VULMON, id: CVE-2021-22129
db: JVNDB, id: JVNDB-2021-008986
db: CNNVD, id: CNNVD-202107-556
db: CNNVD, id: CNNVD-202104-975
db: NVD, id: CVE-2021-22129

LAST UPDATE DATE

2024-08-14T12:23:10.474000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-380538, date: 2021-07-12T00:00:00
db: VULMON, id: CVE-2021-22129, date: 2021-07-12T00:00:00
db: JVNDB, id: JVNDB-2021-008986, date: 2022-04-01T09:05:00
db: CNNVD, id: CNNVD-202107-556, date: 2021-07-15T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-22129, date: 2021-07-12T13:55:46.827

SOURCES RELEASE DATE

db: VULHUB, id: VHN-380538, date: 2021-07-09T00:00:00
db: VULMON, id: CVE-2021-22129, date: 2021-07-09T00:00:00
db: JVNDB, id: JVNDB-2021-008986, date: 2022-04-01T00:00:00
db: CNNVD, id: CNNVD-202107-556, date: 2021-07-09T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-22129, date: 2021-07-09T19:15:08.073