Details of VAR-202108-0730

ID

VAR-202108-0730

CVE

CVE-2021-26096

TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 1.62

sources: NVD: CVE-2021-26096 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-385060 // VULMON: CVE-2021-26096

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortisandbox	scope:	lt	version:	3.2.3	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	lte	version:	3.1.4	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	3.2.0	Trust: 1.0

sources: NVD: CVE-2021-26096

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-26096
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2021-26096
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202108-329
value:	HIGH
Trust: 0.6
VULHUB:	VHN-385060
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-26096
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-26096
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-385060
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-26096
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2021-26096
baseSeverity:	MEDIUM
baseScore:	6.4
vectorString:	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	1.6
impactScore:	4.7
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-385060 // VULMON: CVE-2021-26096 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-329 // NVD: CVE-2021-26096 // NVD: CVE-2021-26096

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.1

sources: VULHUB: VHN-385060 // NVD: CVE-2021-26096

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-329

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:

Fortinet FortiSandbox Buffer error vulnerability fix

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159655

Trust: 0.6

sources: CNNVD: CNNVD-202108-329

EXTERNAL IDS

db:	NVD	id:	CVE-2021-26096	Trust: 1.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021080315	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2616	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-329	Trust: 0.6
db:	VULHUB	id:	VHN-385060	Trust: 0.1
db:	VULMON	id:	CVE-2021-26096	Trust: 0.1

sources: VULHUB: VHN-385060 // VULMON: CVE-2021-26096 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-329 // NVD: CVE-2021-26096

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-20-188	Trust: 1.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021080315	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2616	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-385060 // VULMON: CVE-2021-26096 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-329 // NVD: CVE-2021-26096

SOURCES

db:	VULHUB	id:	VHN-385060
db:	VULMON	id:	CVE-2021-26096
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202108-329
db:	NVD	id:	CVE-2021-26096

LAST UPDATE DATE

2024-08-14T12:37:26.623000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-385060	date:	2021-08-11T00:00:00
db:	VULMON	id:	CVE-2021-26096	date:	2021-08-11T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202108-329	date:	2021-08-12T00:00:00
db:	NVD	id:	CVE-2021-26096	date:	2021-08-11T18:13:37.637

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-385060	date:	2021-08-04T00:00:00
db:	VULMON	id:	CVE-2021-26096	date:	2021-08-04T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202108-329	date:	2021-08-03T00:00:00
db:	NVD	id:	CVE-2021-26096	date:	2021-08-04T18:15:09.377