ID

VAR-202110-0131


CVE

CVE-2021-24019


TITLE

Fortinet FortiClientEms Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202110-288

DESCRIPTION

An insufficient session expiration vulnerability [CWE-613] in FortiClientEMS versions 6.4.2 and below and 6.2.8 and below may allow an attacker to reuse unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain such a session ID (via other, hypothetical attacks). Fortinet FortiClientEms is a centralized endpoint management system from Fortinet Corporation in the United States.

Trust: 1.08

sources: NVD: CVE-2021-24019 // VULHUB: VHN-382737 // VULMON: CVE-2021-24019

AFFECTED PRODUCTS

vendor: fortinet
model: forticlient endpoint management server
scope: gte
version: 6.4.0

Trust: 1.0

vendor: fortinet
model: forticlient endpoint management server
scope: lt
version: 6.2.9

Trust: 1.0

vendor: fortinet
model: forticlient endpoint management server
scope: lt
version: 6.4.2

Trust: 1.0

sources: NVD: CVE-2021-24019

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-24019
value: CRITICAL

Trust: 1.0

psirt@fortinet.com: CVE-2021-24019
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202110-288
value: CRITICAL

Trust: 0.6

VULHUB: VHN-382737
value: HIGH

Trust: 0.1

VULMON: CVE-2021-24019
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-24019
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-382737
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-24019
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-24019
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-382737 // VULMON: CVE-2021-24019 // CNNVD: CNNVD-202110-288 // NVD: CVE-2021-24019 // NVD: CVE-2021-24019

PROBLEMTYPE DATA

problemtype: CWE-613

Trust: 1.1

sources: VULHUB: VHN-382737 // NVD: CVE-2021-24019

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-288

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202110-288

PATCH

title: Fortinet FortiClientEms Fixes for code issue vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=165851

Trust: 0.6

sources: CNNVD: CNNVD-202110-288

EXTERNAL IDS

db: NVD  id: CVE-2021-24019

Trust: 1.8

db: AUSCERT  id: ESB-2021.3293

Trust: 0.6

db: CS-HELP  id: SB2021100603

Trust: 0.6

db: CNNVD  id: CNNVD-202110-288

Trust: 0.6

db: CNVD  id: CNVD-2022-19077

Trust: 0.1

db: VULHUB  id: VHN-382737

Trust: 0.1

db: VULMON  id: CVE-2021-24019

Trust: 0.1

sources: VULHUB: VHN-382737 // VULMON: CVE-2021-24019 // CNNVD: CNNVD-202110-288 // NVD: CVE-2021-24019

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-20-072

Trust: 1.8

url: https://www.cybersecurity-help.cz/vdb/sb2021100603

Trust: 0.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-24019

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.3293

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/613.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-382737 // VULMON: CVE-2021-24019 // CNNVD: CNNVD-202110-288 // NVD: CVE-2021-24019

SOURCES

db: VULHUB  id: VHN-382737
db: VULMON  id: CVE-2021-24019
db: CNNVD  id: CNNVD-202110-288
db: NVD  id: CVE-2021-24019

LAST UPDATE DATE

2024-08-14T13:53:53.987000+00:00

SOURCES UPDATE DATE

db: VULHUB  id: VHN-382737  date: 2021-10-14T00:00:00
db: VULMON  id: CVE-2021-24019  date: 2021-10-14T00:00:00
db: CNNVD  id: CNNVD-202110-288  date: 2021-10-15T00:00:00
db: NVD  id: CVE-2021-24019  date: 2021-10-14T14:39:13.373

SOURCES RELEASE DATE

db: VULHUB  id: VHN-382737  date: 2021-10-06T00:00:00
db: VULMON  id: CVE-2021-24019  date: 2021-10-06T00:00:00
db: CNNVD  id: CNNVD-202110-288  date: 2021-10-06T00:00:00
db: NVD  id: CVE-2021-24019  date: 2021-10-06T10:15:07.713