ID

VAR-202112-0400


CVE

CVE-2021-36194


TITLE

Out-of-bounds write vulnerability in FortiWeb

Trust: 0.8

sources: JVNDB: JVNDB-2021-015928

DESCRIPTION

Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests. FortiWeb contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiWeb is a web application layer firewall developed by Fortinet that can block threats such as cross-site scripting, SQL injection, cookie poisoning, and schema poisoning to secure web applications and protect sensitive database content.

Trust: 1.71

sources: NVD: CVE-2021-36194 // JVNDB: JVNDB-2021-015928 // VULHUB: VHN-398104

AFFECTED PRODUCTS

vendor: fortinet, model: fortiweb, scope: gte, version: 6.3.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.4.1

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lte, version: 6.3.15

Trust: 1.0

vendor: フォーティネット, model: fortiweb, scope: -, version: -

Trust: 0.8

vendor: フォーティネット, model: fortiweb, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-015928 // NVD: CVE-2021-36194

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-36194
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-36194
value: HIGH

Trust: 1.0

NVD: CVE-2021-36194
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202112-753
value: HIGH

Trust: 0.6

VULHUB: VHN-398104
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-36194
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398104
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-36194
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-015928
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398104 // JVNDB: JVNDB-2021-015928 // CNNVD: CNNVD-202112-753 // NVD: CVE-2021-36194 // NVD: CVE-2021-36194

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.1

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-398104 // JVNDB: JVNDB-2021-015928 // NVD: CVE-2021-36194

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-753

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202112-753

PATCH

title: FG-IR-21-152, url: https://www.fortiguard.com/psirt/FG-IR-21-152

Trust: 0.8

title: Fortinet FortiWeb Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174033

Trust: 0.6

sources: JVNDB: JVNDB-2021-015928 // CNNVD: CNNVD-202112-753

EXTERNAL IDS

db: NVD, id: CVE-2021-36194

Trust: 3.3

db: JVNDB, id: JVNDB-2021-015928

Trust: 0.8

db: CNNVD, id: CNNVD-202112-753

Trust: 0.7

db: VULHUB, id: VHN-398104

Trust: 0.1

sources: VULHUB: VHN-398104 // JVNDB: JVNDB-2021-015928 // CNNVD: CNNVD-202112-753 // NVD: CVE-2021-36194

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-21-152

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-36194

Trust: 0.8

sources: VULHUB: VHN-398104 // JVNDB: JVNDB-2021-015928 // CNNVD: CNNVD-202112-753 // NVD: CVE-2021-36194

SOURCES

db: VULHUB, id: VHN-398104
db: JVNDB, id: JVNDB-2021-015928
db: CNNVD, id: CNNVD-202112-753
db: NVD, id: CVE-2021-36194

LAST UPDATE DATE

2024-08-14T13:43:08.269000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-398104, date: 2021-12-10T00:00:00
db: JVNDB, id: JVNDB-2021-015928, date: 2022-12-02T08:22:00
db: CNNVD, id: CNNVD-202112-753, date: 2021-12-13T00:00:00
db: NVD, id: CVE-2021-36194, date: 2021-12-10T15:16:26.977

SOURCES RELEASE DATE

db: VULHUB, id: VHN-398104, date: 2021-12-09T00:00:00
db: JVNDB, id: JVNDB-2021-015928, date: 2022-12-02T00:00:00
db: CNNVD, id: CNNVD-202112-753, date: 2021-12-09T00:00:00
db: NVD, id: CVE-2021-36194, date: 2021-12-09T09:15:07.020