ID

VAR-202109-1922


CVE

CVE-2021-26116


TITLE

OS command injection vulnerability in FortiAuthenticator

Trust: 0.8

sources: JVNDB: JVNDB-2021-019574

DESCRIPTION

An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. FortiAuthenticator contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2021-26116 // JVNDB: JVNDB-2021-019574 // VULHUB: VHN-385080

AFFECTED PRODUCTS

vendor: fortinet, model: fortiauthenticator, scope: lt, version: 6.3.1

Trust: 1.0

vendor: fortinet, model: fortiauthenticator, scope: gte, version: 5.0.0

Trust: 1.0

vendor: Fortinet, model: fortiauthenticator, scope: eq, version: -

Trust: 0.8

vendor: Fortinet, model: fortiauthenticator, scope: eq, version: 6.3.1

Trust: 0.8

sources: JVNDB: JVNDB-2021-019574 // NVD: CVE-2021-26116

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-26116
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-26116
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-26116
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202109-380
value: HIGH

Trust: 0.6

VULHUB: VHN-385080
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-26116
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-385080
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-26116
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-26116
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-26116
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-385080 // JVNDB: JVNDB-2021-019574 // CNNVD: CNNVD-202109-380 // NVD: CVE-2021-26116 // NVD: CVE-2021-26116

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype: OS Command injection (CWE-78) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-385080 // JVNDB: JVNDB-2021-019574 // NVD: CVE-2021-26116

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-380

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202109-380

PATCH

title: FG-IR-21-068, url: https://www.fortiguard.com/psirt/FG-IR-21-068

Trust: 0.8

title: Fortinet FortiAuthenticator Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=161789

Trust: 0.6

sources: JVNDB: JVNDB-2021-019574 // CNNVD: CNNVD-202109-380

EXTERNAL IDS

db: NVD, id: CVE-2021-26116

Trust: 3.3

db: JVNDB, id: JVNDB-2021-019574

Trust: 0.8

db: AUSCERT, id: ESB-2021.3011

Trust: 0.6

db: CNNVD, id: CNNVD-202109-380

Trust: 0.6

db: VULHUB, id: VHN-385080

Trust: 0.1

sources: VULHUB: VHN-385080 // JVNDB: JVNDB-2021-019574 // CNNVD: CNNVD-202109-380 // NVD: CVE-2021-26116

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-21-068

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-26116

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.3011

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2021-26116/

Trust: 0.6

sources: VULHUB: VHN-385080 // JVNDB: JVNDB-2021-019574 // CNNVD: CNNVD-202109-380 // NVD: CVE-2021-26116

SOURCES

db: VULHUB, id: VHN-385080
db: JVNDB, id: JVNDB-2021-019574
db: CNNVD, id: CNNVD-202109-380
db: NVD, id: CVE-2021-26116

LAST UPDATE DATE

2024-08-14T15:17:02.647000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-385080, date: 2022-04-13T00:00:00
db: JVNDB, id: JVNDB-2021-019574, date: 2023-08-04T03:14:00
db: CNNVD, id: CNNVD-202109-380, date: 2022-04-14T00:00:00
db: NVD, id: CVE-2021-26116, date: 2022-04-13T17:57:17.973

SOURCES RELEASE DATE

db: VULHUB, id: VHN-385080, date: 2022-04-06T00:00:00
db: JVNDB, id: JVNDB-2021-019574, date: 2023-08-04T00:00:00
db: CNNVD, id: CNNVD-202109-380, date: 2021-09-08T00:00:00
db: NVD, id: CVE-2021-26116, date: 2022-04-06T16:15:07.967