ID

VAR-202111-0307


CVE

CVE-2021-36184


TITLE

SQL Injection vulnerability in Fortinet FortiWLM

Trust: 0.8

sources: JVNDB: JVNDB-2021-014567

DESCRIPTION

An improper neutralization of special elements used in an SQL command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to disclose device, user and database information via crafted HTTP requests. Fortinet FortiWLM contains an SQL injection vulnerability. Information may be obtained. Fortinet FortiWLC is a wireless LAN controller from Fortinet.

Trust: 2.25

sources: NVD: CVE-2021-36184 // JVNDB: JVNDB-2021-014567 // CNVD: CNVD-2021-84256 // VULHUB: VHN-398003

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-84256

AFFECTED PRODUCTS

vendor: fortinet, model: fortiwlm, scope: gte, version: 8.2.2

Trust: 1.0

vendor: fortinet, model: fortiwlm, scope: lte, version: 8.6.1

Trust: 1.0

vendor: フォーティネット, model: fortiwlm, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: fortiwlm, scope: lte, version: 8.6.1 and earlier

Trust: 0.8

vendor: fortinet, model: fortiwlc, scope: lte, version: <=8.6.1

Trust: 0.6

sources: CNVD: CNVD-2021-84256 // JVNDB: JVNDB-2021-014567 // NVD: CVE-2021-36184

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-36184
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-36184
value: HIGH

Trust: 1.0

NVD: CVE-2021-36184
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-84256
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202111-336
value: MEDIUM

Trust: 0.6

VULHUB: VHN-398003
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-36184
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-84256
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-398003
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-36184
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-36184
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-36184
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-84256 // VULHUB: VHN-398003 // JVNDB: JVNDB-2021-014567 // CNNVD: CNNVD-202111-336 // NVD: CVE-2021-36184 // NVD: CVE-2021-36184

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.1

problemtype: SQL injection (CWE-89) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-398003 // JVNDB: JVNDB-2021-014567 // NVD: CVE-2021-36184

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-336

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202111-336

PATCH

title: FG-IR-21-107, url: https://www.fortiguard.com/psirt/FG-IR-21-107

Trust: 0.8

title: Patch for Fortinet FortiWLM SQL injection vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/296831

Trust: 0.6

title: Fortinet FortiWLC SQL injection vulnerability repair measures, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=169637

Trust: 0.6

sources: CNVD: CNVD-2021-84256 // JVNDB: JVNDB-2021-014567 // CNNVD: CNNVD-202111-336

EXTERNAL IDS

db: NVD, id: CVE-2021-36184

Trust: 3.9

db: JVNDB, id: JVNDB-2021-014567

Trust: 0.8

db: CNNVD, id: CNNVD-202111-336

Trust: 0.7

db: CNVD, id: CNVD-2021-84256

Trust: 0.6

db: CS-HELP, id: SB2021120918

Trust: 0.6

db: VULHUB, id: VHN-398003

Trust: 0.1

sources: CNVD: CNVD-2021-84256 // VULHUB: VHN-398003 // JVNDB: JVNDB-2021-014567 // CNNVD: CNNVD-202111-336 // NVD: CVE-2021-36184

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2021-36184

Trust: 2.0

url: https://fortiguard.com/advisory/fg-ir-21-107

Trust: 1.7

url: https://www.cybersecurity-help.cz/vdb/sb2021120918

Trust: 0.6

sources: CNVD: CNVD-2021-84256 // VULHUB: VHN-398003 // JVNDB: JVNDB-2021-014567 // CNNVD: CNNVD-202111-336 // NVD: CVE-2021-36184

SOURCES

db: CNVD, id: CNVD-2021-84256
db: VULHUB, id: VHN-398003
db: JVNDB, id: JVNDB-2021-014567
db: CNNVD, id: CNNVD-202111-336
db: NVD, id: CVE-2021-36184

LAST UPDATE DATE

2024-08-14T14:31:31.576000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-84256, date: 2021-11-05T00:00:00
db: VULHUB, id: VHN-398003, date: 2021-11-04T00:00:00
db: JVNDB, id: JVNDB-2021-014567, date: 2022-10-20T07:50:00
db: CNNVD, id: CNNVD-202111-336, date: 2021-12-13T00:00:00
db: NVD, id: CVE-2021-36184, date: 2021-11-04T14:36:17.723

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-84256, date: 2021-11-05T00:00:00
db: VULHUB, id: VHN-398003, date: 2021-11-02T00:00:00
db: JVNDB, id: JVNDB-2021-014567, date: 2022-10-20T00:00:00
db: CNNVD, id: CNNVD-202111-336, date: 2021-11-02T00:00:00
db: NVD, id: CVE-2021-36184, date: 2021-11-02T19:15:07.873