ID

VAR-202110-0149


CVE

CVE-2021-36170


TITLE

Fortinet FortiManager VM and FortiAnalyzerVm Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202110-220

DESCRIPTION

An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext

Trust: 1.08

sources: NVD: CVE-2021-36170 // VULHUB: VHN-398091 // VULMON: CVE-2021-36170

AFFECTED PRODUCTS

vendor:fortinetmodel:fortianalyzerscope:lteversion:7.0.1

Trust: 1.0

vendor:fortinetmodel:fortimanagerscope:ltversion:7.0.1

Trust: 1.0

vendor:fortinetmodel:fortimanagerscope:gteversion:7.0.0

Trust: 1.0

vendor:fortinetmodel:fortimanagerscope:ltversion:6.4.7

Trust: 1.0

vendor:fortinetmodel:fortianalyzerscope:gteversion:7.0.0

Trust: 1.0

vendor:fortinetmodel:fortianalyzerscope:ltversion:6.4.7

Trust: 1.0

sources: NVD: CVE-2021-36170

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-36170
value: LOW

Trust: 1.0

psirt@fortinet.com: CVE-2021-36170
value: LOW

Trust: 1.0

CNNVD: CNNVD-202110-220
value: LOW

Trust: 0.6

VULHUB: VHN-398091
value: LOW

Trust: 0.1

VULMON: CVE-2021-36170
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-36170
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-398091
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-36170
baseSeverity: LOW
baseScore: 3.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.5
impactScore: 1.4
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-398091 // VULMON: CVE-2021-36170 // CNNVD: CNNVD-202110-220 // NVD: CVE-2021-36170 // NVD: CVE-2021-36170

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

sources: VULHUB: VHN-398091 // NVD: CVE-2021-36170

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-220

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202110-220

PATCH

title:Fortinet FortiManager VM and FortiAnalyzerVm Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164903

Trust: 0.6

sources: CNNVD: CNNVD-202110-220

EXTERNAL IDS

db:NVDid:CVE-2021-36170

Trust: 1.8

db:CS-HELPid:SB2021100604

Trust: 0.6

db:AUSCERTid:ESB-2021.3288

Trust: 0.6

db:CNNVDid:CNNVD-202110-220

Trust: 0.6

db:VULHUBid:VHN-398091

Trust: 0.1

db:VULMONid:CVE-2021-36170

Trust: 0.1

sources: VULHUB: VHN-398091 // VULMON: CVE-2021-36170 // CNNVD: CNNVD-202110-220 // NVD: CVE-2021-36170

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-21-112

Trust: 1.8

url:https://vigilance.fr/vulnerability/fortianalyzer-fortimanager-logged-sensitive-information-via-forticloud-credentials-36600

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3288

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-36170

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021100604

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/522.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-398091 // VULMON: CVE-2021-36170 // CNNVD: CNNVD-202110-220 // NVD: CVE-2021-36170

SOURCES

db:VULHUBid:VHN-398091
db:VULMONid:CVE-2021-36170
db:CNNVDid:CNNVD-202110-220
db:NVDid:CVE-2021-36170

LAST UPDATE DATE

2024-08-14T15:37:53.364000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-398091date:2021-10-14T00:00:00
db:VULMONid:CVE-2021-36170date:2021-10-14T00:00:00
db:CNNVDid:CNNVD-202110-220date:2021-10-15T00:00:00
db:NVDid:CVE-2021-36170date:2021-10-14T14:10:34.840

SOURCES RELEASE DATE

db:VULHUBid:VHN-398091date:2021-10-06T00:00:00
db:VULMONid:CVE-2021-36170date:2021-10-06T00:00:00
db:CNNVDid:CNNVD-202110-220date:2021-10-05T00:00:00
db:NVDid:CVE-2021-36170date:2021-10-06T10:15:07.873