ID

VAR-202112-0384


CVE

CVE-2021-41021


TITLE

FortiNAC  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-016056

DESCRIPTION

A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command. FortiNAC Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC 8.8.8 and earlier versions and 9.1.2 and earlier versions have security vulnerabilities

Trust: 2.25

sources: NVD: CVE-2021-41021 // JVNDB: JVNDB-2021-016056 // CNNVD: CNNVD-202112-696 // VULHUB: VHN-402293

AFFECTED PRODUCTS

vendor:fortinetmodel:fortinacscope:eqversion:8.8.1

Trust: 1.0

vendor:fortinetmodel:fortinacscope:eqversion:8.8.3

Trust: 1.0

vendor:fortinetmodel:fortinacscope:eqversion:8.8.4

Trust: 1.0

vendor:fortinetmodel:fortinacscope:eqversion:8.8.2

Trust: 1.0

vendor:fortinetmodel:fortinacscope:eqversion:8.8.5

Trust: 1.0

vendor:fortinetmodel:fortinacscope:eqversion:8.8.8

Trust: 1.0

vendor:fortinetmodel:fortinacscope:eqversion:9.1.1

Trust: 1.0

vendor:fortinetmodel:fortinacscope:eqversion:9.1.0

Trust: 1.0

vendor:fortinetmodel:fortinacscope:eqversion:8.8.6

Trust: 1.0

vendor:fortinetmodel:fortinacscope:eqversion:9.1.2

Trust: 1.0

vendor:fortinetmodel:fortinacscope:eqversion:8.8.0

Trust: 1.0

vendor:fortinetmodel:fortinacscope:eqversion:8.8.7

Trust: 1.0

vendor:フォーティネットmodel:fortinacscope:lteversion:9.1.2 and earlier

Trust: 0.8

vendor:フォーティネットmodel:fortinacscope:lteversion:8.8.8 and earlier

Trust: 0.8

vendor:フォーティネットmodel:fortinacscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-016056 // NVD: CVE-2021-41021

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-41021
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-41021
value: HIGH

Trust: 1.0

NVD: CVE-2021-41021
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202112-696
value: MEDIUM

Trust: 0.6

VULHUB: VHN-402293
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-41021
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-402293
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-41021
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-41021
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-41021
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-402293 // JVNDB: JVNDB-2021-016056 // CNNVD: CNNVD-202112-696 // NVD: CVE-2021-41021 // NVD: CVE-2021-41021

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-269

Trust: 0.1

sources: VULHUB: VHN-402293 // JVNDB: JVNDB-2021-016056 // NVD: CVE-2021-41021

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-696

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-696

PATCH

title:FG-IR-21-182url:https://www.fortiguard.com/psirt/FG-IR-21-182

Trust: 0.8

title:Fortinet FortiNAC Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174991

Trust: 0.6

sources: JVNDB: JVNDB-2021-016056 // CNNVD: CNNVD-202112-696

EXTERNAL IDS

db:NVDid:CVE-2021-41021

Trust: 3.3

db:JVNDBid:JVNDB-2021-016056

Trust: 0.8

db:CNNVDid:CNNVD-202112-696

Trust: 0.7

db:CNVDid:CNVD-2022-19076

Trust: 0.1

db:VULHUBid:VHN-402293

Trust: 0.1

sources: VULHUB: VHN-402293 // JVNDB: JVNDB-2021-016056 // CNNVD: CNNVD-202112-696 // NVD: CVE-2021-41021

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-21-182

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-41021

Trust: 1.4

sources: VULHUB: VHN-402293 // JVNDB: JVNDB-2021-016056 // CNNVD: CNNVD-202112-696 // NVD: CVE-2021-41021

SOURCES

db:VULHUBid:VHN-402293
db:JVNDBid:JVNDB-2021-016056
db:CNNVDid:CNNVD-202112-696
db:NVDid:CVE-2021-41021

LAST UPDATE DATE

2024-11-23T21:50:50.739000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-402293date:2022-07-12T00:00:00
db:JVNDBid:JVNDB-2021-016056date:2022-12-05T07:57:00
db:CNNVDid:CNNVD-202112-696date:2022-07-14T00:00:00
db:NVDid:CVE-2021-41021date:2024-11-21T06:25:16.950

SOURCES RELEASE DATE

db:VULHUBid:VHN-402293date:2021-12-08T00:00:00
db:JVNDBid:JVNDB-2021-016056date:2022-12-05T00:00:00
db:CNNVDid:CNNVD-202112-696date:2021-12-08T00:00:00
db:NVDid:CVE-2021-41021date:2021-12-08T18:15:18.547