ID

VAR-202108-0730


CVE

CVE-2021-26096


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 1.62

sources: NVD: CVE-2021-26096 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-385060 // VULMON: CVE-2021-26096

AFFECTED PRODUCTS

vendor: fortinet | model: fortisandbox | scope: lt | version: 3.2.3

Trust: 1.0

vendor: fortinet | model: fortisandbox | scope: lte | version: 3.1.4

Trust: 1.0

vendor: fortinet | model: fortisandbox | scope: gte | version: 3.2.0

Trust: 1.0

sources: NVD: CVE-2021-26096

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-26096
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-26096
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202108-329
value: HIGH

Trust: 0.6

VULHUB: VHN-385060
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-26096
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-26096
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-385060
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-26096
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-26096
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 1.6
impactScore: 4.7
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-385060 // VULMON: CVE-2021-26096 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-329 // NVD: CVE-2021-26096 // NVD: CVE-2021-26096

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.1

sources: VULHUB: VHN-385060 // NVD: CVE-2021-26096

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-329

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Fortinet FortiSandbox Buffer error vulnerability fix | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159655

Trust: 0.6

sources: CNNVD: CNNVD-202108-329

EXTERNAL IDS

db: NVD | id: CVE-2021-26096

Trust: 1.8

db: CS-HELP | id: SB2021041363

Trust: 0.6

db: CNNVD | id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP | id: SB2021080315

Trust: 0.6

db: AUSCERT | id: ESB-2021.2616

Trust: 0.6

db: CNNVD | id: CNNVD-202108-329

Trust: 0.6

db: VULHUB | id: VHN-385060

Trust: 0.1

db: VULMON | id: CVE-2021-26096

Trust: 0.1

sources: VULHUB: VHN-385060 // VULMON: CVE-2021-26096 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-329 // NVD: CVE-2021-26096

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-20-188

Trust: 1.8

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021080315

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.2616

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-385060 // VULMON: CVE-2021-26096 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-329 // NVD: CVE-2021-26096

SOURCES

db: VULHUB | id: VHN-385060
db: VULMON | id: CVE-2021-26096
db: CNNVD | id: CNNVD-202104-975
db: CNNVD | id: CNNVD-202108-329
db: NVD | id: CVE-2021-26096

LAST UPDATE DATE

2024-08-14T12:37:26.623000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-385060 | date: 2021-08-11T00:00:00
db: VULMON | id: CVE-2021-26096 | date: 2021-08-11T00:00:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-14T00:00:00
db: CNNVD | id: CNNVD-202108-329 | date: 2021-08-12T00:00:00
db: NVD | id: CVE-2021-26096 | date: 2021-08-11T18:13:37.637

SOURCES RELEASE DATE

db: VULHUB | id: VHN-385060 | date: 2021-08-04T00:00:00
db: VULMON | id: CVE-2021-26096 | date: 2021-08-04T00:00:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-13T00:00:00
db: CNNVD | id: CNNVD-202108-329 | date: 2021-08-03T00:00:00
db: NVD | id: CVE-2021-26096 | date: 2021-08-04T18:15:09.377