Sign-up

ID

VAR-202109-1925


CVE

CVE-2021-22127


TITLE

Linux  for  FortiClient  In  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-019572

DESCRIPTION

An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root via tricking the user into connecting to a network with a malicious name. Linux for FortiClient for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2021-22127 // JVNDB: JVNDB-2021-019572 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-380536

AFFECTED PRODUCTS

vendor:fortinetmodel:forticlientscope:gteversion:6.4.0

Trust: 1.0

vendor:fortinetmodel:forticlientscope:ltversion:6.4.3

Trust: 1.0

vendor:fortinetmodel:forticlientscope:ltversion:6.2.9

Trust: 1.0

vendor:フォーティネットmodel:forticlientscope:ltversion:6.2.x

Trust: 0.8

vendor:フォーティネットmodel:forticlientscope:eqversion: -

Trust: 0.8

vendor:フォーティネットmodel:forticlientscope:ltversion:6.4.x

Trust: 0.8

vendor:フォーティネットmodel:forticlientscope:eqversion:6.4.3

Trust: 0.8

vendor:フォーティネットmodel:forticlientscope:eqversion:6.2.9

Trust: 0.8

sources: JVNDB: JVNDB-2021-019572 // NVD: CVE-2021-22127

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22127
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-22127
value: HIGH

Trust: 1.0

NVD: CVE-2021-22127
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202109-373
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-380536
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-22127
severity: HIGH
baseScore: 7.9
vectorString: AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-380536
severity: HIGH
baseScore: 7.9
vectorString: AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22127
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-22127
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-22127
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380536 // JVNDB: JVNDB-2021-019572 // CNNVD: CNNVD-202109-373 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-22127 // NVD: CVE-2021-22127

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-380536 // JVNDB: JVNDB-2021-019572 // NVD: CVE-2021-22127

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202109-373

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202109-373

PATCH

title:FG-IR-20-241url:https://www.fortiguard.com/psirt/FG-IR-20-241

Trust: 0.8

title:Fortinet FortiClient Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=162231

Trust: 0.6

sources: JVNDB: JVNDB-2021-019572 // CNNVD: CNNVD-202109-373

EXTERNAL IDS

db:NVDid:CVE-2021-22127

Trust: 3.3

db:JVNDBid:JVNDB-2021-019572

Trust: 0.8

db:CS-HELPid:SB2021090807

Trust: 0.6

db:AUSCERTid:ESB-2021.3012

Trust: 0.6

db:CNNVDid:CNNVD-202109-373

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:VULHUBid:VHN-380536

Trust: 0.1

sources: VULHUB: VHN-380536 // JVNDB: JVNDB-2021-019572 // CNNVD: CNNVD-202109-373 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-22127

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-20-241

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-22127

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.3012

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2021-22127/

Trust: 0.6

url:https://vigilance.fr/vulnerability/forticlient-linux-code-execution-via-network-ssid-36337

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021090807

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

sources: VULHUB: VHN-380536 // JVNDB: JVNDB-2021-019572 // CNNVD: CNNVD-202109-373 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-22127

SOURCES

db:VULHUBid:VHN-380536
db:JVNDBid:JVNDB-2021-019572
db:CNNVDid:CNNVD-202109-373
db:CNNVDid:CNNVD-202104-975
db:NVDid:CVE-2021-22127

LAST UPDATE DATE

2024-08-14T12:41:48.749000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-380536date:2022-04-13T00:00:00
db:JVNDBid:JVNDB-2021-019572date:2023-08-04T03:14:00
db:CNNVDid:CNNVD-202109-373date:2022-04-14T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:NVDid:CVE-2021-22127date:2022-04-13T18:00:34.033

SOURCES RELEASE DATE

db:VULHUBid:VHN-380536date:2022-04-06T00:00:00
db:JVNDBid:JVNDB-2021-019572date:2023-08-04T00:00:00
db:CNNVDid:CNNVD-202109-373date:2021-09-08T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:NVDid:CVE-2021-22127date:2022-04-06T16:15:07.787