ID

VAR-202112-0356


CVE

CVE-2021-42760


TITLE

Fortinet FortiWLM  In  SQL  Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-015999

DESCRIPTION

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclose sensitive information from DB tables via crafted requests. Fortinet FortiWLM for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. FortiWLMTM is a wireless manager. FortiWLMTM versions 8.6.1 and below have a security vulnerability that could allow an unauthenticated user to pollute database data and extract sensitive information via crafted HTTP requests to send to alerts and device handlers

Trust: 1.71

sources: NVD: CVE-2021-42760 // JVNDB: JVNDB-2021-015999 // VULHUB: VHN-403822

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiwlmscope:lteversion:8.6.1

Trust: 1.0

vendor:フォーティネットmodel:fortiwlmscope:lteversion:8.6.1 and earlier

Trust: 0.8

vendor:フォーティネットmodel:fortiwlmscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-015999 // NVD: CVE-2021-42760

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-42760
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-42760
value: HIGH

Trust: 1.0

NVD: CVE-2021-42760
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202112-527
value: HIGH

Trust: 0.6

VULHUB: VHN-403822
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-42760
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-403822
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-42760
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-015999
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-403822 // JVNDB: JVNDB-2021-015999 // CNNVD: CNNVD-202112-527 // NVD: CVE-2021-42760 // NVD: CVE-2021-42760

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.1

problemtype:SQL injection (CWE-89) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-403822 // JVNDB: JVNDB-2021-015999 // NVD: CVE-2021-42760

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-527

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-527

PATCH

title:FG-IR-21-129url:https://www.fortiguard.com/psirt/FG-IR-21-129

Trust: 0.8

title:Fortinet FortiWLM SQL Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173869

Trust: 0.6

sources: JVNDB: JVNDB-2021-015999 // CNNVD: CNNVD-202112-527

EXTERNAL IDS

db:NVDid:CVE-2021-42760

Trust: 3.3

db:JVNDBid:JVNDB-2021-015999

Trust: 0.8

db:CNNVDid:CNNVD-202112-527

Trust: 0.7

db:AUSCERTid:ESB-2021.4142

Trust: 0.6

db:CS-HELPid:SB2021120722

Trust: 0.6

db:CNVDid:CNVD-2022-02764

Trust: 0.1

db:VULHUBid:VHN-403822

Trust: 0.1

sources: VULHUB: VHN-403822 // JVNDB: JVNDB-2021-015999 // CNNVD: CNNVD-202112-527 // NVD: CVE-2021-42760

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-21-129

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-42760

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.4142

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021120722

Trust: 0.6

sources: VULHUB: VHN-403822 // JVNDB: JVNDB-2021-015999 // CNNVD: CNNVD-202112-527 // NVD: CVE-2021-42760

SOURCES

db:VULHUBid:VHN-403822
db:JVNDBid:JVNDB-2021-015999
db:CNNVDid:CNNVD-202112-527
db:NVDid:CVE-2021-42760

LAST UPDATE DATE

2024-11-23T22:05:05.879000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-403822date:2021-12-09T00:00:00
db:JVNDBid:JVNDB-2021-015999date:2022-12-05T05:54:00
db:CNNVDid:CNNVD-202112-527date:2021-12-13T00:00:00
db:NVDid:CVE-2021-42760date:2024-11-21T06:28:07.037

SOURCES RELEASE DATE

db:VULHUBid:VHN-403822date:2021-12-08T00:00:00
db:JVNDBid:JVNDB-2021-015999date:2022-12-05T00:00:00
db:CNNVDid:CNNVD-202112-527date:2021-12-08T00:00:00
db:NVDid:CVE-2021-42760date:2021-12-08T12:15:07.887