Details of VAR-202112-0332

ID

VAR-202112-0332

CVE

CVE-2021-41014

TITLE

Fortinet FortiWeb Resource exhaustion vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-015882

DESCRIPTION

A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets. Fortinet FortiWeb Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-41014 // JVNDB: JVNDB-2021-015882 // VULHUB: VHN-402287

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiweb	scope:	lte	version:	6.0.7	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	eq	version:	6.4.1	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	eq	version:	6.1.1	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lte	version:	6.3.15	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lte	version:	6.2.5	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.3.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	eq	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	eq	version:	6.1.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	eq	version:	6.1.2	Trust: 1.0
vendor:	フォーティネット	model:	fortiweb	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-015882 // NVD: CVE-2021-41014

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-41014
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2021-41014
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-41014
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202112-641
value:	HIGH
Trust: 0.6
VULHUB:	VHN-402287
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-41014
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-402287
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-41014
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-015882
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-402287 // JVNDB: JVNDB-2021-015882 // CNNVD: CNNVD-202112-641 // NVD: CVE-2021-41014 // NVD: CVE-2021-41014

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	Resource exhaustion (CWE-400) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-402287 // JVNDB: JVNDB-2021-015882 // NVD: CVE-2021-41014

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-641

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202112-641

PATCH

title:	FG-IR-21-131	url:	https://www.fortiguard.com/psirt/FG-IR-21-131	Trust: 0.8
title:	Fortinet FortiWeb Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173890	Trust: 0.6

sources: JVNDB: JVNDB-2021-015882 // CNNVD: CNNVD-202112-641

EXTERNAL IDS

db:	NVD	id:	CVE-2021-41014	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-015882	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-641	Trust: 0.6
db:	VULHUB	id:	VHN-402287	Trust: 0.1

sources: VULHUB: VHN-402287 // JVNDB: JVNDB-2021-015882 // CNNVD: CNNVD-202112-641 // NVD: CVE-2021-41014

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-21-131	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41014	Trust: 1.4

sources: VULHUB: VHN-402287 // JVNDB: JVNDB-2021-015882 // CNNVD: CNNVD-202112-641 // NVD: CVE-2021-41014

SOURCES

db:	VULHUB	id:	VHN-402287
db:	JVNDB	id:	JVNDB-2021-015882
db:	CNNVD	id:	CNNVD-202112-641
db:	NVD	id:	CVE-2021-41014

LAST UPDATE DATE

2024-08-14T14:25:06.876000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-402287	date:	2021-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-015882	date:	2022-12-01T07:33:00
db:	CNNVD	id:	CNNVD-202112-641	date:	2021-12-15T00:00:00
db:	NVD	id:	CVE-2021-41014	date:	2021-12-09T19:49:53.003

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-402287	date:	2021-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-015882	date:	2022-12-01T00:00:00
db:	CNNVD	id:	CNNVD-202112-641	date:	2021-12-08T00:00:00
db:	NVD	id:	CVE-2021-41014	date:	2021-12-08T13:15:07.847