Details of VAR-202108-0575

ID

VAR-202108-0575

CVE

CVE-2021-24014

TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 1.62

sources: NVD: CVE-2021-24014 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-382732 // VULMON: CVE-2021-24014

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortisandbox	scope:	lt	version:	3.2.3	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	lte	version:	3.1.4	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	3.2.0	Trust: 1.0

sources: NVD: CVE-2021-24014

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-24014
value:	MEDIUM
Trust: 1.0
psirt@fortinet.com:	CVE-2021-24014
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202108-334
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-382732
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-24014
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-24014
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-382732
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-24014
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2021-24014
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-382732 // VULMON: CVE-2021-24014 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-334 // NVD: CVE-2021-24014 // NVD: CVE-2021-24014

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.1

sources: VULHUB: VHN-382732 // NVD: CVE-2021-24014

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-334

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:

Fortinet FortiSandbox Fixes for cross-site scripting vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158584

Trust: 0.6

sources: CNNVD: CNNVD-202108-334

EXTERNAL IDS

db:	NVD	id:	CVE-2021-24014	Trust: 1.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021080315	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2616	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-334	Trust: 0.6
db:	VULHUB	id:	VHN-382732	Trust: 0.1
db:	VULMON	id:	CVE-2021-24014	Trust: 0.1

sources: VULHUB: VHN-382732 // VULMON: CVE-2021-24014 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-334 // NVD: CVE-2021-24014

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-20-209	Trust: 1.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021080315	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2616	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-382732 // VULMON: CVE-2021-24014 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-334 // NVD: CVE-2021-24014

SOURCES

db:	VULHUB	id:	VHN-382732
db:	VULMON	id:	CVE-2021-24014
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202108-334
db:	NVD	id:	CVE-2021-24014

LAST UPDATE DATE

2024-08-14T12:07:49.503000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-382732	date:	2021-08-11T00:00:00
db:	VULMON	id:	CVE-2021-24014	date:	2021-08-11T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202108-334	date:	2021-08-12T00:00:00
db:	NVD	id:	CVE-2021-24014	date:	2021-08-11T17:34:27.563

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-382732	date:	2021-08-04T00:00:00
db:	VULMON	id:	CVE-2021-24014	date:	2021-08-04T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202108-334	date:	2021-08-03T00:00:00
db:	NVD	id:	CVE-2021-24014	date:	2021-08-04T19:15:08.373