Details of VAR-202107-0629

ID

VAR-202107-0629

CVE

CVE-2021-24015

TITLE

FortiMail Operating system command injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202107-621

DESCRIPTION

An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiMail is a suite of e-mail security gateway products from Fortinet. The product provides features such as email security and data protection

Trust: 1.62

sources: NVD: CVE-2021-24015 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-382733 // VULMON: CVE-2021-24015

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortimail	scope:	lte	version:	5.4.12	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lt	version:	6.0.11	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	5.4.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lt	version:	6.4.4	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lt	version:	6.2.7	Trust: 1.0

sources: NVD: CVE-2021-24015

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-24015
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2021-24015
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202107-621
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-382733
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-24015
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-24015
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-382733
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-24015
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2021-24015
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-382733 // VULMON: CVE-2021-24015 // CNNVD: CNNVD-202107-621 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-24015 // NVD: CVE-2021-24015

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.1

sources: VULHUB: VHN-382733 // NVD: CVE-2021-24015

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-621

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202107-621

PATCH

title:

FortiMail Fixes for operating system command injection vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156724

Trust: 0.6

sources: CNNVD: CNNVD-202107-621

EXTERNAL IDS

db:	NVD	id:	CVE-2021-24015	Trust: 1.8
db:	AUSCERT	id:	ESB-2021.2380	Trust: 0.6
db:	CS-HELP	id:	SB2021071352	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-621	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CNVD	id:	CNVD-2021-51811	Trust: 0.1
db:	VULHUB	id:	VHN-382733	Trust: 0.1
db:	VULMON	id:	CVE-2021-24015	Trust: 0.1

sources: VULHUB: VHN-382733 // VULMON: CVE-2021-24015 // CNNVD: CNNVD-202107-621 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-24015

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-21-021	Trust: 1.8
url:	https://www.auscert.org.au/bulletins/esb-2021.2380	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021071352	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/78.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-382733 // VULMON: CVE-2021-24015 // CNNVD: CNNVD-202107-621 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-24015

SOURCES

db:	VULHUB	id:	VHN-382733
db:	VULMON	id:	CVE-2021-24015
db:	CNNVD	id:	CNNVD-202107-621
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-24015

LAST UPDATE DATE

2024-08-14T12:24:17.718000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-382733	date:	2021-07-14T00:00:00
db:	VULMON	id:	CVE-2021-24015	date:	2021-07-14T00:00:00
db:	CNNVD	id:	CNNVD-202107-621	date:	2021-07-15T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-24015	date:	2021-07-14T12:39:12.220

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-382733	date:	2021-07-12T00:00:00
db:	VULMON	id:	CVE-2021-24015	date:	2021-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202107-621	date:	2021-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-24015	date:	2021-07-12T14:15:08.057