ID

VAR-202107-1088


CVE

CVE-2021-26106


TITLE

Fortinet FortiAP OS command vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-50167

DESCRIPTION

An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments. Fortinet FortiAP is a controller used to manage wireless access point devices from Fortinet. Fortinet FortiAP has a security vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 2.16

sources: NVD: CVE-2021-26106 // CNVD: CNVD-2021-50167 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-385070 // VULMON: CVE-2021-26106

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-50167

AFFECTED PRODUCTS

vendor: fortinet // model: fortiap // scope: lt // version: 6.4.6

Trust: 1.0

vendor: fortinet // model: fortiap // scope: gte // version: 6.4.1

Trust: 1.0

vendor: fortinet // model: fortiap-s // scope: lt // version: 6.2.6

Trust: 1.0

vendor: fortinet // model: fortiap-s // scope: gte // version: 6.2.4

Trust: 1.0

vendor: fortinet // model: fortiap-w2 // scope: lt // version: 6.2.6

Trust: 1.0

vendor: fortinet // model: fortiap-w2 // scope: gte // version: 6.2.4

Trust: 1.0

vendor: fortinet // model: fortiap // scope: gte // version: 6.4.1,<=6.4.5

Trust: 0.6

vendor: fortinet // model: fortiap // scope: gte // version: 6.2.4,<=6.2.5

Trust: 0.6

sources: CNVD: CNVD-2021-50167 // NVD: CVE-2021-26106

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-26106
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-26106
value: HIGH

Trust: 1.0

CNVD: CNVD-2021-50167
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-560
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-385070
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-26106
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-26106
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2021-50167
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-385070
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-26106
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2021-50167 // VULHUB: VHN-385070 // VULMON: CVE-2021-26106 // CNNVD: CNNVD-202107-560 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26106 // NVD: CVE-2021-26106

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

sources: VULHUB: VHN-385070 // NVD: CVE-2021-26106

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202107-560

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202107-560

PATCH

title: Patch for Fortinet FortiAP OS command vulnerability // url: https://www.cnvd.org.cn/patchInfo/show/278886

Trust: 0.6

sources: CNVD: CNVD-2021-50167

EXTERNAL IDS

db: NVD // id: CVE-2021-26106

Trust: 2.4

db: CNVD // id: CNVD-2021-50167

Trust: 0.6

db: AUSCERT // id: ESB-2021.2383

Trust: 0.6

db: CS-HELP // id: SB2021071405

Trust: 0.6

db: CNNVD // id: CNNVD-202107-560

Trust: 0.6

db: CS-HELP // id: SB2021041363

Trust: 0.6

db: CNNVD // id: CNNVD-202104-975

Trust: 0.6

db: VULHUB // id: VHN-385070

Trust: 0.1

db: VULMON // id: CVE-2021-26106

Trust: 0.1

sources: CNVD: CNVD-2021-50167 // VULHUB: VHN-385070 // VULMON: CVE-2021-26106 // CNNVD: CNNVD-202107-560 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26106

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-20-210

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-26106

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2383

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071405

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-50167 // VULHUB: VHN-385070 // VULMON: CVE-2021-26106 // CNNVD: CNNVD-202107-560 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26106

SOURCES

db: CNVD // id: CNVD-2021-50167
db: VULHUB // id: VHN-385070
db: VULMON // id: CVE-2021-26106
db: CNNVD // id: CNNVD-202107-560
db: CNNVD // id: CNNVD-202104-975
db: NVD // id: CVE-2021-26106

LAST UPDATE DATE

2024-08-14T12:43:14.594000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2021-50167 // date: 2021-07-13T00:00:00
db: VULHUB // id: VHN-385070 // date: 2021-07-12T00:00:00
db: VULMON // id: CVE-2021-26106 // date: 2021-07-12T00:00:00
db: CNNVD // id: CNNVD-202107-560 // date: 2021-07-15T00:00:00
db: CNNVD // id: CNNVD-202104-975 // date: 2021-04-14T00:00:00
db: NVD // id: CVE-2021-26106 // date: 2021-07-12T13:29:34.657

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2021-50167 // date: 2021-07-13T00:00:00
db: VULHUB // id: VHN-385070 // date: 2021-07-09T00:00:00
db: VULMON // id: CVE-2021-26106 // date: 2021-07-09T00:00:00
db: CNNVD // id: CNNVD-202107-560 // date: 2021-07-09T00:00:00
db: CNNVD // id: CNNVD-202104-975 // date: 2021-04-13T00:00:00
db: NVD // id: CVE-2021-26106 // date: 2021-07-09T19:15:08.313