ID

VAR-202112-0332


CVE

CVE-2021-41014


TITLE

Resource exhaustion vulnerability in Fortinet FortiWeb

Trust: 0.8

sources: JVNDB: JVNDB-2021-015882

DESCRIPTION

An uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets. Fortinet FortiWeb contains a resource exhaustion vulnerability. The product may be put into a service operation interruption (DoS) state.

Trust: 1.71

sources: NVD: CVE-2021-41014 // JVNDB: JVNDB-2021-015882 // VULHUB: VHN-402287

AFFECTED PRODUCTS

vendor: fortinet, model: fortiweb, scope: lte, version: 6.0.7

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.4.1

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.1.1

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lte, version: 6.3.15

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lte, version: 6.2.5

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.3.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.1.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.1.2

Trust: 1.0

vendor: Fortinet, model: fortiweb, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-015882 // NVD: CVE-2021-41014

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-41014
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-41014
value: HIGH

Trust: 1.0

NVD: CVE-2021-41014
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202112-641
value: HIGH

Trust: 0.6

VULHUB: VHN-402287
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-41014
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-402287
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-41014
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-015882
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-402287 // JVNDB: JVNDB-2021-015882 // CNNVD: CNNVD-202112-641 // NVD: CVE-2021-41014 // NVD: CVE-2021-41014

PROBLEMTYPE DATA

problemtype: CWE-400

Trust: 1.1

problemtype: Resource exhaustion (CWE-400) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-402287 // JVNDB: JVNDB-2021-015882 // NVD: CVE-2021-41014

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-641

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202112-641

PATCH

title: FG-IR-21-131, url: https://www.fortiguard.com/psirt/FG-IR-21-131

Trust: 0.8

title: Fortinet FortiWeb Remediation of resource management error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173890

Trust: 0.6

sources: JVNDB: JVNDB-2021-015882 // CNNVD: CNNVD-202112-641

EXTERNAL IDS

db: NVD, id: CVE-2021-41014

Trust: 3.3

db: JVNDB, id: JVNDB-2021-015882

Trust: 0.8

db: CNNVD, id: CNNVD-202112-641

Trust: 0.6

db: VULHUB, id: VHN-402287

Trust: 0.1

sources: VULHUB: VHN-402287 // JVNDB: JVNDB-2021-015882 // CNNVD: CNNVD-202112-641 // NVD: CVE-2021-41014

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-21-131

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-41014

Trust: 1.4

sources: VULHUB: VHN-402287 // JVNDB: JVNDB-2021-015882 // CNNVD: CNNVD-202112-641 // NVD: CVE-2021-41014

SOURCES

db: VULHUB, id: VHN-402287
db: JVNDB, id: JVNDB-2021-015882
db: CNNVD, id: CNNVD-202112-641
db: NVD, id: CVE-2021-41014

LAST UPDATE DATE

2024-08-14T14:25:06.876000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-402287, date: 2021-12-09T00:00:00
db: JVNDB, id: JVNDB-2021-015882, date: 2022-12-01T07:33:00
db: CNNVD, id: CNNVD-202112-641, date: 2021-12-15T00:00:00
db: NVD, id: CVE-2021-41014, date: 2021-12-09T19:49:53.003

SOURCES RELEASE DATE

db: VULHUB, id: VHN-402287, date: 2021-12-08T00:00:00
db: JVNDB, id: JVNDB-2021-015882, date: 2022-12-01T00:00:00
db: CNNVD, id: CNNVD-202112-641, date: 2021-12-08T00:00:00
db: NVD, id: CVE-2021-41014, date: 2021-12-08T13:15:07.847