ID

VAR-202107-0629


CVE

CVE-2021-24015


TITLE

FortiMail Operating system command injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202107-621

DESCRIPTION

An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiMail is a suite of e-mail security gateway products from Fortinet. The product provides features such as email security and data protection.

Trust: 1.62

sources: NVD: CVE-2021-24015 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-382733 // VULMON: CVE-2021-24015

AFFECTED PRODUCTS

vendor: fortinet, model: fortimail, scope: lte, version: 5.4.12

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lt, version: 6.0.11

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 5.4.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lt, version: 6.4.4

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lt, version: 6.2.7

Trust: 1.0

sources: NVD: CVE-2021-24015

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-24015
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-24015
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202107-621
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-382733
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-24015
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-24015
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-382733
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-24015
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-24015
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-382733 // VULMON: CVE-2021-24015 // CNNVD: CNNVD-202107-621 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-24015 // NVD: CVE-2021-24015

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.1

sources: VULHUB: VHN-382733 // NVD: CVE-2021-24015

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-621

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202107-621

PATCH

title: FortiMail Fixes for operating system command injection vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156724

Trust: 0.6

sources: CNNVD: CNNVD-202107-621

EXTERNAL IDS

db: NVD, id: CVE-2021-24015

Trust: 1.8

db: AUSCERT, id: ESB-2021.2380

Trust: 0.6

db: CS-HELP, id: SB2021071352

Trust: 0.6

db: CNNVD, id: CNNVD-202107-621

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CNVD, id: CNVD-2021-51811

Trust: 0.1

db: VULHUB, id: VHN-382733

Trust: 0.1

db: VULMON, id: CVE-2021-24015

Trust: 0.1

sources: VULHUB: VHN-382733 // VULMON: CVE-2021-24015 // CNNVD: CNNVD-202107-621 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-24015

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-21-021

Trust: 1.8

url: https://www.auscert.org.au/bulletins/esb-2021.2380

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021071352

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-382733 // VULMON: CVE-2021-24015 // CNNVD: CNNVD-202107-621 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-24015

SOURCES

db: VULHUB, id: VHN-382733
db: VULMON, id: CVE-2021-24015
db: CNNVD, id: CNNVD-202107-621
db: CNNVD, id: CNNVD-202104-975
db: NVD, id: CVE-2021-24015

LAST UPDATE DATE

2024-08-14T12:24:17.718000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-382733, date: 2021-07-14T00:00:00
db: VULMON, id: CVE-2021-24015, date: 2021-07-14T00:00:00
db: CNNVD, id: CNNVD-202107-621, date: 2021-07-15T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-24015, date: 2021-07-14T12:39:12.220

SOURCES RELEASE DATE

db: VULHUB, id: VHN-382733, date: 2021-07-12T00:00:00
db: VULMON, id: CVE-2021-24015, date: 2021-07-12T00:00:00
db: CNNVD, id: CNNVD-202107-621, date: 2021-07-12T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-24015, date: 2021-07-12T14:15:08.057