Details of VAR-202110-0131

ID

VAR-202110-0131

CVE

CVE-2021-24019

TITLE

Fortinet FortiClientEms Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202110-288

DESCRIPTION

An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks). Fortinet FortiClientEms is a centralized central management system of Fortinet Corporation in the United States

Trust: 1.08

sources: NVD: CVE-2021-24019 // VULHUB: VHN-382737 // VULMON: CVE-2021-24019

AFFECTED PRODUCTS

vendor:	fortinet	model:	forticlient endpoint management server	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	forticlient endpoint management server	scope:	lt	version:	6.2.9	Trust: 1.0
vendor:	fortinet	model:	forticlient endpoint management server	scope:	lt	version:	6.4.2	Trust: 1.0

sources: NVD: CVE-2021-24019

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-24019
value:	CRITICAL
Trust: 1.0
psirt@fortinet.com:	CVE-2021-24019
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202110-288
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-382737
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-24019
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-24019
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-382737
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-24019
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2021-24019
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-382737 // VULMON: CVE-2021-24019 // CNNVD: CNNVD-202110-288 // NVD: CVE-2021-24019 // NVD: CVE-2021-24019

PROBLEMTYPE DATA

problemtype:

CWE-613

Trust: 1.1

sources: VULHUB: VHN-382737 // NVD: CVE-2021-24019

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-288

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202110-288

PATCH

title:

Fortinet FortiClientEms Fixes for code issue vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=165851

Trust: 0.6

sources: CNNVD: CNNVD-202110-288

EXTERNAL IDS

db:	NVD	id:	CVE-2021-24019	Trust: 1.8
db:	AUSCERT	id:	ESB-2021.3293	Trust: 0.6
db:	CS-HELP	id:	SB2021100603	Trust: 0.6
db:	CNNVD	id:	CNNVD-202110-288	Trust: 0.6
db:	CNVD	id:	CNVD-2022-19077	Trust: 0.1
db:	VULHUB	id:	VHN-382737	Trust: 0.1
db:	VULMON	id:	CVE-2021-24019	Trust: 0.1

sources: VULHUB: VHN-382737 // VULMON: CVE-2021-24019 // CNNVD: CNNVD-202110-288 // NVD: CVE-2021-24019

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-20-072	Trust: 1.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021100603	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-24019	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3293	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/613.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-382737 // VULMON: CVE-2021-24019 // CNNVD: CNNVD-202110-288 // NVD: CVE-2021-24019

SOURCES

db:	VULHUB	id:	VHN-382737
db:	VULMON	id:	CVE-2021-24019
db:	CNNVD	id:	CNNVD-202110-288
db:	NVD	id:	CVE-2021-24019

LAST UPDATE DATE

2024-08-14T13:53:53.987000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-382737	date:	2021-10-14T00:00:00
db:	VULMON	id:	CVE-2021-24019	date:	2021-10-14T00:00:00
db:	CNNVD	id:	CNNVD-202110-288	date:	2021-10-15T00:00:00
db:	NVD	id:	CVE-2021-24019	date:	2021-10-14T14:39:13.373

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-382737	date:	2021-10-06T00:00:00
db:	VULMON	id:	CVE-2021-24019	date:	2021-10-06T00:00:00
db:	CNNVD	id:	CNNVD-202110-288	date:	2021-10-06T00:00:00
db:	NVD	id:	CVE-2021-24019	date:	2021-10-06T10:15:07.713