Details of VAR-202111-0307

ID

VAR-202111-0307

CVE

CVE-2021-36184

TITLE

Fortinet FortiWLM In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-014567

DESCRIPTION

A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests. Fortinet FortiWLM for, SQL There is an injection vulnerability.Information may be obtained. Fortinet FortiWLC is a wireless LAN controller from Fortinet

Trust: 2.25

sources: NVD: CVE-2021-36184 // JVNDB: JVNDB-2021-014567 // CNVD: CNVD-2021-84256 // VULHUB: VHN-398003

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-84256

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiwlm	scope:	gte	version:	8.2.2	Trust: 1.0
vendor:	fortinet	model:	fortiwlm	scope:	lte	version:	8.6.1	Trust: 1.0
vendor:	フォーティネット	model:	fortiwlm	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiwlm	scope:	lte	version:	8.6.1 and earlier	Trust: 0.8
vendor:	fortinet	model:	fortiwlc	scope:	lte	version:	<=8.6.1	Trust: 0.6

sources: CNVD: CNVD-2021-84256 // JVNDB: JVNDB-2021-014567 // NVD: CVE-2021-36184

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-36184
value:	MEDIUM
Trust: 1.0
psirt@fortinet.com:	CVE-2021-36184
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-36184
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-84256
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202111-336
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-398003
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-36184
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-84256
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-398003
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-36184
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2021-36184
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-36184
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-84256 // VULHUB: VHN-398003 // JVNDB: JVNDB-2021-014567 // CNNVD: CNNVD-202111-336 // NVD: CVE-2021-36184 // NVD: CVE-2021-36184

PROBLEMTYPE DATA

problemtype:	CWE-89	Trust: 1.1
problemtype:	SQL injection (CWE-89) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-398003 // JVNDB: JVNDB-2021-014567 // NVD: CVE-2021-36184

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-336

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202111-336

PATCH

title:	FG-IR-21-107	url:	https://www.fortiguard.com/psirt/FG-IR-21-107	Trust: 0.8
title:	Patch for Fortinet FortiWLM SQL injection vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/296831	Trust: 0.6
title:	Fortinet FortiWLC SQL Repair measures for injecting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=169637	Trust: 0.6

sources: CNVD: CNVD-2021-84256 // JVNDB: JVNDB-2021-014567 // CNNVD: CNNVD-202111-336

EXTERNAL IDS

db:	NVD	id:	CVE-2021-36184	Trust: 3.9
db:	JVNDB	id:	JVNDB-2021-014567	Trust: 0.8
db:	CNNVD	id:	CNNVD-202111-336	Trust: 0.7
db:	CNVD	id:	CNVD-2021-84256	Trust: 0.6
db:	CS-HELP	id:	SB2021120918	Trust: 0.6
db:	VULHUB	id:	VHN-398003	Trust: 0.1

sources: CNVD: CNVD-2021-84256 // VULHUB: VHN-398003 // JVNDB: JVNDB-2021-014567 // CNNVD: CNNVD-202111-336 // NVD: CVE-2021-36184

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-36184	Trust: 2.0
url:	https://fortiguard.com/advisory/fg-ir-21-107	Trust: 1.7
url:	https://www.cybersecurity-help.cz/vdb/sb2021120918	Trust: 0.6

sources: CNVD: CNVD-2021-84256 // VULHUB: VHN-398003 // JVNDB: JVNDB-2021-014567 // CNNVD: CNNVD-202111-336 // NVD: CVE-2021-36184

SOURCES

db:	CNVD	id:	CNVD-2021-84256
db:	VULHUB	id:	VHN-398003
db:	JVNDB	id:	JVNDB-2021-014567
db:	CNNVD	id:	CNNVD-202111-336
db:	NVD	id:	CVE-2021-36184

LAST UPDATE DATE

2024-08-14T14:31:31.576000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-84256	date:	2021-11-05T00:00:00
db:	VULHUB	id:	VHN-398003	date:	2021-11-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-014567	date:	2022-10-20T07:50:00
db:	CNNVD	id:	CNNVD-202111-336	date:	2021-12-13T00:00:00
db:	NVD	id:	CVE-2021-36184	date:	2021-11-04T14:36:17.723

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-84256	date:	2021-11-05T00:00:00
db:	VULHUB	id:	VHN-398003	date:	2021-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2021-014567	date:	2022-10-20T00:00:00
db:	CNNVD	id:	CNNVD-202111-336	date:	2021-11-02T00:00:00
db:	NVD	id:	CVE-2021-36184	date:	2021-11-02T19:15:07.873