ID

VAR-202109-0400


CVE

CVE-2021-24017


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

An improper authentication vulnerability in Fortinet FortiManager versions 6.4.3 and below and 6.2.6 and below allows an attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler. Pillow is a Python-based image processing library. There is currently no further information about this vulnerability; follow CNNVD or vendor announcements for updates. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices and can group devices into different administrative domains (ADOMs) to further simplify multi-device security deployment and management. FortiManager has a security vulnerability that stems from improper authentication in FortiManager.

Trust: 1.62

sources: NVD: CVE-2021-24017 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-382735 // VULMON: CVE-2021-24017

AFFECTED PRODUCTS

vendor: fortinet  model: fortimanager  scope: gte  version: 6.4.0

Trust: 1.0

vendor: fortinet  model: fortimanager  scope: lt  version: 6.4.4

Trust: 1.0

vendor: fortinet  model: fortimanager  scope: lt  version: 6.2.7

Trust: 1.0

sources: NVD: CVE-2021-24017

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-24017
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-24017
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-367
value: MEDIUM

Trust: 0.6

VULHUB: VHN-382735
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-24017
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-24017
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-382735
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-24017
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-24017
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-382735 // VULMON: CVE-2021-24017 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-367 // NVD: CVE-2021-24017

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.1

sources: VULHUB: VHN-382735 // NVD: CVE-2021-24017

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-367

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Fortinet FortiManager remediation measures for authorization problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=162229

Trust: 0.6

sources: CNNVD: CNNVD-202109-367

EXTERNAL IDS

db: NVD  id: CVE-2021-24017

Trust: 1.8

db: CNNVD  id: CNNVD-202109-367

Trust: 0.7

db: CS-HELP  id: SB2021041363

Trust: 0.6

db: CNNVD  id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT  id: ESB-2021.3003

Trust: 0.6

db: CS-HELP  id: SB2021090808

Trust: 0.6

db: CNVD  id: CNVD-2022-05869

Trust: 0.1

db: VULHUB  id: VHN-382735

Trust: 0.1

db: VULMON  id: CVE-2021-24017

Trust: 0.1

sources: VULHUB: VHN-382735 // VULMON: CVE-2021-24017 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-367 // NVD: CVE-2021-24017

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-20-189

Trust: 1.8

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-24017

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.3003

Trust: 0.6

url: https://vigilance.fr/vulnerability/fortimanager-read-write-access-via-p-o-module-assignment-36335

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021090808

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-382735 // VULMON: CVE-2021-24017 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-367 // NVD: CVE-2021-24017

SOURCES

db: VULHUB  id: VHN-382735
db: VULMON  id: CVE-2021-24017
db: CNNVD  id: CNNVD-202104-975
db: CNNVD  id: CNNVD-202109-367
db: NVD  id: CVE-2021-24017

LAST UPDATE DATE

2024-08-14T12:58:01.825000+00:00


SOURCES UPDATE DATE

db: VULHUB  id: VHN-382735  date: 2021-10-08T00:00:00
db: VULMON  id: CVE-2021-24017  date: 2021-10-08T00:00:00
db: CNNVD  id: CNNVD-202104-975  date: 2021-04-14T00:00:00
db: CNNVD  id: CNNVD-202109-367  date: 2021-10-14T00:00:00
db: NVD  id: CVE-2021-24017  date: 2021-10-08T03:12:18.733

SOURCES RELEASE DATE

db: VULHUB  id: VHN-382735  date: 2021-09-30T00:00:00
db: VULMON  id: CVE-2021-24017  date: 2021-09-30T00:00:00
db: CNNVD  id: CNNVD-202104-975  date: 2021-04-13T00:00:00
db: CNNVD  id: CNNVD-202109-367  date: 2021-09-08T00:00:00
db: NVD  id: CVE-2021-24017  date: 2021-09-30T16:15:07.410