ID

VAR-202108-0575


CVE

CVE-2021-24014


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 1.62

sources: NVD: CVE-2021-24014 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-382732 // VULMON: CVE-2021-24014

AFFECTED PRODUCTS

vendor: fortinet, model: fortisandbox, scope: lt, version: 3.2.3

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 3.1.4

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 3.2.0

Trust: 1.0

sources: NVD: CVE-2021-24014

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-24014
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-24014
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202108-334
value: MEDIUM

Trust: 0.6

VULHUB: VHN-382732
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-24014
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-24014
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-382732
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-24014
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-24014
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-382732 // VULMON: CVE-2021-24014 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-334 // NVD: CVE-2021-24014 // NVD: CVE-2021-24014

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

sources: VULHUB: VHN-382732 // NVD: CVE-2021-24014

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-334

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Fortinet FortiSandbox Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158584

Trust: 0.6

sources: CNNVD: CNNVD-202108-334

EXTERNAL IDS

db: NVD, id: CVE-2021-24014

Trust: 1.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021080315

Trust: 0.6

db: AUSCERT, id: ESB-2021.2616

Trust: 0.6

db: CNNVD, id: CNNVD-202108-334

Trust: 0.6

db: VULHUB, id: VHN-382732

Trust: 0.1

db: VULMON, id: CVE-2021-24014

Trust: 0.1

sources: VULHUB: VHN-382732 // VULMON: CVE-2021-24014 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-334 // NVD: CVE-2021-24014

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-20-209

Trust: 1.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021080315

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2616

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-382732 // VULMON: CVE-2021-24014 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-334 // NVD: CVE-2021-24014

SOURCES

db: VULHUB, id: VHN-382732
db: VULMON, id: CVE-2021-24014
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202108-334
db: NVD, id: CVE-2021-24014

LAST UPDATE DATE

2024-08-14T12:07:49.503000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-382732, date: 2021-08-11T00:00:00
db: VULMON, id: CVE-2021-24014, date: 2021-08-11T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202108-334, date: 2021-08-12T00:00:00
db: NVD, id: CVE-2021-24014, date: 2021-08-11T17:34:27.563

SOURCES RELEASE DATE

db: VULHUB, id: VHN-382732, date: 2021-08-04T00:00:00
db: VULMON, id: CVE-2021-24014, date: 2021-08-04T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202108-334, date: 2021-08-03T00:00:00
db: NVD, id: CVE-2021-24014, date: 2021-08-04T19:15:08.373