ID

VAR-202108-0574


CVE

CVE-2021-24010


TITLE

Fortinet FortiSandbox path traversal vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-61414 // CNNVD: CNNVD-202108-322

DESCRIPTION

Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests. FortiSandbox contains a path traversal vulnerability. Information may be obtained. Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection device from Fortinet. The device provides functions such as dual sandbox technology, dynamic threat intelligence system, real-time control panel and reports. No detailed vulnerability details are currently provided. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements.

Trust: 2.88

sources: NVD: CVE-2021-24010 // JVNDB: JVNDB-2021-011811 // CNVD: CNVD-2021-61414 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-382728 // VULMON: CVE-2021-24010

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-61414

AFFECTED PRODUCTS

vendor: fortinet | model: fortisandbox | scope: lt | version: 3.2.3

Trust: 1.0

vendor: fortinet | model: fortisandbox | scope: gte | version: 3.1.0

Trust: 1.0

vendor: fortinet | model: fortisandbox | scope: gte | version: 3.2.0

Trust: 1.0

vendor: fortinet | model: fortisandbox | scope: lt | version: 3.1.5

Trust: 1.0

vendor: フォーティネット | model: fortisandbox | scope: eq | version: 3.1.0 to 3.1.4

Trust: 0.8

vendor: フォーティネット | model: fortisandbox | scope: eq | version: -

Trust: 0.8

vendor: フォーティネット | model: fortisandbox | scope: eq | version: 3.2.0 to 3.2.2

Trust: 0.8

vendor: fortinet | model: fortisandbox | scope: gte | version: 3.1.0,<3.1.5

Trust: 0.6

vendor: fortinet | model: fortisandbox | scope: gte | version: 3.2.0,<3.2.3

Trust: 0.6

sources: CNVD: CNVD-2021-61414 // JVNDB: JVNDB-2021-011811 // NVD: CVE-2021-24010

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-24010
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-24010
value: HIGH

Trust: 1.0

NVD: CVE-2021-24010
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-61414
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202108-322
value: MEDIUM

Trust: 0.6

VULHUB: VHN-382728
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-24010
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-24010
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-61414
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-382728
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-24010
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-24010
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-24010
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-61414 // VULHUB: VHN-382728 // VULMON: CVE-2021-24010 // JVNDB: JVNDB-2021-011811 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-322 // NVD: CVE-2021-24010 // NVD: CVE-2021-24010

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.1

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-382728 // JVNDB: JVNDB-2021-011811 // NVD: CVE-2021-24010

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-322

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: FG-IR-20-202 | url: https://www.fortiguard.com/psirt/FG-IR-20-202

Trust: 0.8

title: Patch for Fortinet FortiSandbox path traversal vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/285501

Trust: 0.6

title: Fortinet FortiSandbox Repair measures for path traversal vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159651

Trust: 0.6

sources: CNVD: CNVD-2021-61414 // JVNDB: JVNDB-2021-011811 // CNNVD: CNNVD-202108-322

EXTERNAL IDS

db: NVD | id: CVE-2021-24010

Trust: 4.0

db: JVNDB | id: JVNDB-2021-011811

Trust: 0.8

db: CNVD | id: CNVD-2021-61414

Trust: 0.6

db: CS-HELP | id: SB2021041363

Trust: 0.6

db: CNNVD | id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP | id: SB2021080315

Trust: 0.6

db: AUSCERT | id: ESB-2021.2616

Trust: 0.6

db: CNNVD | id: CNNVD-202108-322

Trust: 0.6

db: VULHUB | id: VHN-382728

Trust: 0.1

db: VULMON | id: CVE-2021-24010

Trust: 0.1

sources: CNVD: CNVD-2021-61414 // VULHUB: VHN-382728 // VULMON: CVE-2021-24010 // JVNDB: JVNDB-2021-011811 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-322 // NVD: CVE-2021-24010

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-24010

Trust: 2.0

url:https://fortiguard.com/advisory/fg-ir-20-202

Trust: 1.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021080315

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2616

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-61414 // VULHUB: VHN-382728 // VULMON: CVE-2021-24010 // JVNDB: JVNDB-2021-011811 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-322 // NVD: CVE-2021-24010

SOURCES

db: CNVD | id: CNVD-2021-61414
db: VULHUB | id: VHN-382728
db: VULMON | id: CVE-2021-24010
db: JVNDB | id: JVNDB-2021-011811
db: CNNVD | id: CNNVD-202104-975
db: CNNVD | id: CNNVD-202108-322
db: NVD | id: CVE-2021-24010

LAST UPDATE DATE

2024-08-14T12:14:36.575000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2021-61414 | date: 2021-08-12T00:00:00
db: VULHUB | id: VHN-382728 | date: 2021-08-11T00:00:00
db: VULMON | id: CVE-2021-24010 | date: 2021-08-11T00:00:00
db: JVNDB | id: JVNDB-2021-011811 | date: 2022-08-15T01:14:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-14T00:00:00
db: CNNVD | id: CNNVD-202108-322 | date: 2021-08-12T00:00:00
db: NVD | id: CVE-2021-24010 | date: 2021-08-11T00:00:06.690

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2021-61414 | date: 2021-08-12T00:00:00
db: VULHUB | id: VHN-382728 | date: 2021-08-04T00:00:00
db: VULMON | id: CVE-2021-24010 | date: 2021-08-04T00:00:00
db: JVNDB | id: JVNDB-2021-011811 | date: 2022-08-15T00:00:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-13T00:00:00
db: CNNVD | id: CNNVD-202108-322 | date: 2021-08-03T00:00:00
db: NVD | id: CVE-2021-24010 | date: 2021-08-04T15:15:08.897