Details of VAR-202109-1922

ID

VAR-202109-1922

CVE

CVE-2021-26116

TITLE

FortiAuthenticator In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-019574

DESCRIPTION

An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. FortiAuthenticator for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-26116 // JVNDB: JVNDB-2021-019574 // VULHUB: VHN-385080

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiauthenticator	scope:	lt	version:	6.3.1	Trust: 1.0
vendor:	fortinet	model:	fortiauthenticator	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	フォーティネット	model:	fortiauthenticator	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiauthenticator	scope:	eq	version:	6.3.1	Trust: 0.8

sources: JVNDB: JVNDB-2021-019574 // NVD: CVE-2021-26116

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-26116
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2021-26116
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-26116
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202109-380
value:	HIGH
Trust: 0.6
VULHUB:	VHN-385080
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-26116
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-385080
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-26116
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2021-26116
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-26116
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-385080 // JVNDB: JVNDB-2021-019574 // CNNVD: CNNVD-202109-380 // NVD: CVE-2021-26116 // NVD: CVE-2021-26116

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.1
problemtype:	OS Command injection (CWE-78) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-385080 // JVNDB: JVNDB-2021-019574 // NVD: CVE-2021-26116

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-380

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202109-380

PATCH

title:	FG-IR-21-068	url:	https://www.fortiguard.com/psirt/FG-IR-21-068	Trust: 0.8
title:	Fortinet FortiAuthenticator Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=161789	Trust: 0.6

sources: JVNDB: JVNDB-2021-019574 // CNNVD: CNNVD-202109-380

EXTERNAL IDS

db:	NVD	id:	CVE-2021-26116	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-019574	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.3011	Trust: 0.6
db:	CNNVD	id:	CNNVD-202109-380	Trust: 0.6
db:	VULHUB	id:	VHN-385080	Trust: 0.1

sources: VULHUB: VHN-385080 // JVNDB: JVNDB-2021-019574 // CNNVD: CNNVD-202109-380 // NVD: CVE-2021-26116

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-21-068	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-26116	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.3011	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2021-26116/	Trust: 0.6

sources: VULHUB: VHN-385080 // JVNDB: JVNDB-2021-019574 // CNNVD: CNNVD-202109-380 // NVD: CVE-2021-26116

SOURCES

db:	VULHUB	id:	VHN-385080
db:	JVNDB	id:	JVNDB-2021-019574
db:	CNNVD	id:	CNNVD-202109-380
db:	NVD	id:	CVE-2021-26116

LAST UPDATE DATE

2024-08-14T15:17:02.647000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-385080	date:	2022-04-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-019574	date:	2023-08-04T03:14:00
db:	CNNVD	id:	CNNVD-202109-380	date:	2022-04-14T00:00:00
db:	NVD	id:	CVE-2021-26116	date:	2022-04-13T17:57:17.973

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-385080	date:	2022-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-019574	date:	2023-08-04T00:00:00
db:	CNNVD	id:	CNNVD-202109-380	date:	2021-09-08T00:00:00
db:	NVD	id:	CVE-2021-26116	date:	2022-04-06T16:15:07.967