ID

VAR-202111-0313


CVE

CVE-2021-36185


TITLE

OS command injection vulnerability in Fortinet FortiWLM

Trust: 0.8

sources: JVNDB: JVNDB-2021-014535

DESCRIPTION

An improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. An OS command injection vulnerability exists in Fortinet FortiWLM. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiWLC is a wireless LAN controller from Fortinet.

Trust: 2.34

sources: NVD: CVE-2021-36185 // JVNDB: JVNDB-2021-014535 // CNVD: CNVD-2021-84257 // VULHUB: VHN-398004 // VULMON: CVE-2021-36185

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-84257

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiwlmscope:gteversion:8.2.2

Trust: 1.0

vendor:fortinetmodel:fortiwlmscope:lteversion:8.6.1

Trust: 1.0

vendor:フォーティネットmodel:fortiwlmscope:eqversion: -

Trust: 0.8

vendor:フォーティネットmodel:fortiwlmscope:lteversion:8.6.1 and earlier

Trust: 0.8

vendor:fortinetmodel:fortiwlcscope:lteversion:<=8.6.1

Trust: 0.6

sources: CNVD: CNVD-2021-84257 // JVNDB: JVNDB-2021-014535 // NVD: CVE-2021-36185

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-36185
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-36185
value: HIGH

Trust: 1.0

NVD: CVE-2021-36185
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-84257
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202111-335
value: HIGH

Trust: 0.6

VULHUB: VHN-398004
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-36185
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-36185
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-84257
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-398004
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-36185
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-014535
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-84257 // VULHUB: VHN-398004 // VULMON: CVE-2021-36185 // JVNDB: JVNDB-2021-014535 // CNNVD: CNNVD-202111-335 // NVD: CVE-2021-36185 // NVD: CVE-2021-36185

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-398004 // JVNDB: JVNDB-2021-014535 // NVD: CVE-2021-36185

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-335

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202111-335

PATCH

title:FG-IR-21-110url:https://www.fortiguard.com/psirt/FG-IR-21-110

Trust: 0.8

title:Patch for Fortinet FortiWLM has unspecified vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/296836

Trust: 0.6

title:Fortinet FortiWLC Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=169477

Trust: 0.6

sources: CNVD: CNVD-2021-84257 // JVNDB: JVNDB-2021-014535 // CNNVD: CNNVD-202111-335

EXTERNAL IDS

db:NVDid:CVE-2021-36185

Trust: 4.0

db:JVNDBid:JVNDB-2021-014535

Trust: 0.8

db:CNNVDid:CNNVD-202111-335

Trust: 0.7

db:CNVDid:CNVD-2021-84257

Trust: 0.6

db:CS-HELPid:SB2021120918

Trust: 0.6

db:VULHUBid:VHN-398004

Trust: 0.1

db:VULMONid:CVE-2021-36185

Trust: 0.1

sources: CNVD: CNVD-2021-84257 // VULHUB: VHN-398004 // VULMON: CVE-2021-36185 // JVNDB: JVNDB-2021-014535 // CNNVD: CNNVD-202111-335 // NVD: CVE-2021-36185

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-36185

Trust: 2.0

url:https://fortiguard.com/advisory/fg-ir-21-110

Trust: 1.8

url:https://www.cybersecurity-help.cz/vdb/sb2021120918

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-84257 // VULHUB: VHN-398004 // VULMON: CVE-2021-36185 // JVNDB: JVNDB-2021-014535 // CNNVD: CNNVD-202111-335 // NVD: CVE-2021-36185

SOURCES

db:CNVDid:CNVD-2021-84257
db:VULHUBid:VHN-398004
db:VULMONid:CVE-2021-36185
db:JVNDBid:JVNDB-2021-014535
db:CNNVDid:CNNVD-202111-335
db:NVDid:CVE-2021-36185

LAST UPDATE DATE

2024-08-14T14:31:31.608000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-84257date:2021-11-05T00:00:00
db:VULHUBid:VHN-398004date:2021-11-04T00:00:00
db:VULMONid:CVE-2021-36185date:2021-11-04T00:00:00
db:JVNDBid:JVNDB-2021-014535date:2022-10-20T04:37:00
db:CNNVDid:CNNVD-202111-335date:2021-12-13T00:00:00
db:NVDid:CVE-2021-36185date:2021-11-04T13:58:34.310

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-84257date:2021-11-05T00:00:00
db:VULHUBid:VHN-398004date:2021-11-02T00:00:00
db:VULMONid:CVE-2021-36185date:2021-11-02T00:00:00
db:JVNDBid:JVNDB-2021-014535date:2022-10-20T00:00:00
db:CNNVDid:CNNVD-202111-335date:2021-11-02T00:00:00
db:NVDid:CVE-2021-36185date:2021-11-02T19:15:07.920