ID

VAR-202108-0712


CVE

CVE-2021-36168


TITLE

Path traversal vulnerability in Fortinet FortiPortal

Trust: 0.8

sources: JVNDB: JVNDB-2021-011889

DESCRIPTION

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows an authenticated attacker to disclose information via a crafted GET request with malicious parameter values. A path traversal vulnerability exists in Fortinet FortiPortal. Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 2.34

sources: NVD: CVE-2021-36168 // JVNDB: JVNDB-2021-011889 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-398090 // VULMON: CVE-2021-36168

AFFECTED PRODUCTS

vendor: fortinet, model: fortiportal, scope: lt, version: 6.0.5

Trust: 1.0

vendor: fortinet, model: fortiportal, scope: gte, version: 5.3.0

Trust: 1.0

vendor: fortinet, model: fortiportal, scope: lt, version: 5.3.6

Trust: 1.0

vendor: fortinet, model: fortiportal, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortiportal, scope: lt, version: 5.2.6

Trust: 1.0

vendor: Fortinet, model: fortiportal, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortiportal, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-011889 // NVD: CVE-2021-36168

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-36168
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-36168
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-36168
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202108-279
value: MEDIUM

Trust: 0.6

VULHUB: VHN-398090
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-36168
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-36168
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-398090
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-36168
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-011889
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398090 // VULMON: CVE-2021-36168 // JVNDB: JVNDB-2021-011889 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-279 // NVD: CVE-2021-36168 // NVD: CVE-2021-36168

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.1

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-398090 // JVNDB: JVNDB-2021-011889 // NVD: CVE-2021-36168

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-279

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: FG-IR-21-085, url: https://www.fortiguard.com/psirt/FG-IR-21-085

Trust: 0.8

sources: JVNDB: JVNDB-2021-011889

EXTERNAL IDS

db: NVD, id: CVE-2021-36168

Trust: 3.4

db: JVNDB, id: JVNDB-2021-011889

Trust: 0.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021080312

Trust: 0.6

db: AUSCERT, id: ESB-2021.2613

Trust: 0.6

db: CNNVD, id: CNNVD-202108-279

Trust: 0.6

db: VULHUB, id: VHN-398090

Trust: 0.1

db: VULMON, id: CVE-2021-36168

Trust: 0.1

sources: VULHUB: VHN-398090 // VULMON: CVE-2021-36168 // JVNDB: JVNDB-2021-011889 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-279 // NVD: CVE-2021-36168

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-21-085

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-36168

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2613

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021080312

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-398090 // VULMON: CVE-2021-36168 // JVNDB: JVNDB-2021-011889 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-279 // NVD: CVE-2021-36168

SOURCES

db: VULHUB, id: VHN-398090
db: VULMON, id: CVE-2021-36168
db: JVNDB, id: JVNDB-2021-011889
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202108-279
db: NVD, id: CVE-2021-36168

LAST UPDATE DATE

2024-08-14T12:24:12.141000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-398090, date: 2021-08-10T00:00:00
db: VULMON, id: CVE-2021-36168, date: 2021-08-10T00:00:00
db: JVNDB, id: JVNDB-2021-011889, date: 2022-08-16T01:59:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202108-279, date: 2021-08-11T00:00:00
db: NVD, id: CVE-2021-36168, date: 2021-08-10T23:47:27.087

SOURCES RELEASE DATE

db: VULHUB, id: VHN-398090, date: 2021-08-04T00:00:00
db: VULMON, id: CVE-2021-36168, date: 2021-08-04T00:00:00
db: JVNDB, id: JVNDB-2021-011889, date: 2022-08-16T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202108-279, date: 2021-08-03T00:00:00
db: NVD, id: CVE-2021-36168, date: 2021-08-04T15:15:09.117