ID

VAR-202112-0356


CVE

CVE-2021-42760


TITLE

SQL injection vulnerability in Fortinet FortiWLM

Trust: 0.8

sources: JVNDB: JVNDB-2021-015999

DESCRIPTION

An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to disclose sensitive information from DB tables via crafted requests. Fortinet FortiWLM contains an SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FortiWLM is a wireless manager. FortiWLM versions 8.6.1 and below have a security vulnerability that could allow an unauthenticated user to pollute database data and extract sensitive information via crafted HTTP requests sent to the alerts and device handlers.

Trust: 1.71

sources: NVD: CVE-2021-42760 // JVNDB: JVNDB-2021-015999 // VULHUB: VHN-403822

AFFECTED PRODUCTS

vendor: fortinet, model: fortiwlm, scope: lte, version: 8.6.1

Trust: 1.0

vendor: Fortinet, model: fortiwlm, scope: lte, version: 8.6.1 and earlier

Trust: 0.8

vendor: Fortinet, model: fortiwlm, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-015999 // NVD: CVE-2021-42760

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-42760
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-42760
value: HIGH

Trust: 1.0

NVD: CVE-2021-42760
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202112-527
value: HIGH

Trust: 0.6

VULHUB: VHN-403822
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-42760
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-403822
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-42760
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-015999
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-403822 // JVNDB: JVNDB-2021-015999 // CNNVD: CNNVD-202112-527 // NVD: CVE-2021-42760 // NVD: CVE-2021-42760

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.1

problemtype: SQL injection (CWE-89) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-403822 // JVNDB: JVNDB-2021-015999 // NVD: CVE-2021-42760

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-527

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-527

PATCH

title: FG-IR-21-129, url: https://www.fortiguard.com/psirt/FG-IR-21-129

Trust: 0.8

title: Remediation measures for the Fortinet FortiWLM SQL injection vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173869

Trust: 0.6

sources: JVNDB: JVNDB-2021-015999 // CNNVD: CNNVD-202112-527

EXTERNAL IDS

db: NVD, id: CVE-2021-42760

Trust: 3.3

db: JVNDB, id: JVNDB-2021-015999

Trust: 0.8

db: CNNVD, id: CNNVD-202112-527

Trust: 0.7

db: AUSCERT, id: ESB-2021.4142

Trust: 0.6

db: CS-HELP, id: SB2021120722

Trust: 0.6

db: CNVD, id: CNVD-2022-02764

Trust: 0.1

db: VULHUB, id: VHN-403822

Trust: 0.1

sources: VULHUB: VHN-403822 // JVNDB: JVNDB-2021-015999 // CNNVD: CNNVD-202112-527 // NVD: CVE-2021-42760

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-21-129

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-42760

Trust: 1.4

url: https://www.auscert.org.au/bulletins/esb-2021.4142

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021120722

Trust: 0.6

sources: VULHUB: VHN-403822 // JVNDB: JVNDB-2021-015999 // CNNVD: CNNVD-202112-527 // NVD: CVE-2021-42760

SOURCES

db: VULHUB, id: VHN-403822
db: JVNDB, id: JVNDB-2021-015999
db: CNNVD, id: CNNVD-202112-527
db: NVD, id: CVE-2021-42760

LAST UPDATE DATE

2024-08-14T14:25:06.929000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-403822, date: 2021-12-09T00:00:00
db: JVNDB, id: JVNDB-2021-015999, date: 2022-12-05T05:54:00
db: CNNVD, id: CNNVD-202112-527, date: 2021-12-13T00:00:00
db: NVD, id: CVE-2021-42760, date: 2021-12-09T21:28:12.890

SOURCES RELEASE DATE

db: VULHUB, id: VHN-403822, date: 2021-12-08T00:00:00
db: JVNDB, id: JVNDB-2021-015999, date: 2022-12-05T00:00:00
db: CNNVD, id: CNNVD-202112-527, date: 2021-12-08T00:00:00
db: NVD, id: CVE-2021-42760, date: 2021-12-08T12:15:07.887