ID

VAR-202112-0524


CVE

CVE-2021-43071


TITLE

Out-of-bounds write vulnerability in Fortinet FortiWeb

Trust: 0.8

sources: JVNDB: JVNDB-2021-015919

DESCRIPTION

A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller. Fortinet FortiWeb contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2021-43071 // JVNDB: JVNDB-2021-015919 // VULHUB: VHN-404121

AFFECTED PRODUCTS

vendor: fortinet, model: fortiweb, scope: gte, version: 6.3.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lte, version: 6.3.16

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.4.1

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lte, version: 6.2.6

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.2.0

Trust: 1.0

vendor: Fortinet, model: fortiweb, scope: eq, version: -

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-015919 // NVD: CVE-2021-43071

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-43071
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-43071
value: HIGH

Trust: 1.0

NVD: CVE-2021-43071
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202112-736
value: HIGH

Trust: 0.6

VULHUB: VHN-404121
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-43071
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-404121
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-43071
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-015919
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-404121 // JVNDB: JVNDB-2021-015919 // CNNVD: CNNVD-202112-736 // NVD: CVE-2021-43071 // NVD: CVE-2021-43071

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.1

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-404121 // JVNDB: JVNDB-2021-015919 // NVD: CVE-2021-43071

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-736

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202112-736

PATCH

title: FG-IR-21-188, url: https://www.fortiguard.com/psirt/FG-IR-21-188

Trust: 0.8

title: Fortinet FortiWeb Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174032

Trust: 0.6

sources: JVNDB: JVNDB-2021-015919 // CNNVD: CNNVD-202112-736

EXTERNAL IDS

db: NVD, id: CVE-2021-43071

Trust: 3.3

db: JVNDB, id: JVNDB-2021-015919

Trust: 0.8

db: CNNVD, id: CNNVD-202112-736

Trust: 0.6

db: VULHUB, id: VHN-404121

Trust: 0.1

sources: VULHUB: VHN-404121 // JVNDB: JVNDB-2021-015919 // CNNVD: CNNVD-202112-736 // NVD: CVE-2021-43071

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-21-188

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-43071

Trust: 0.8

sources: VULHUB: VHN-404121 // JVNDB: JVNDB-2021-015919 // CNNVD: CNNVD-202112-736 // NVD: CVE-2021-43071

SOURCES

db: VULHUB, id: VHN-404121
db: JVNDB, id: JVNDB-2021-015919
db: CNNVD, id: CNNVD-202112-736
db: NVD, id: CVE-2021-43071

LAST UPDATE DATE

2024-08-14T14:18:13.383000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-404121, date: 2021-12-10T00:00:00
db: JVNDB, id: JVNDB-2021-015919, date: 2022-12-02T06:44:00
db: CNNVD, id: CNNVD-202112-736, date: 2021-12-13T00:00:00
db: NVD, id: CVE-2021-43071, date: 2021-12-10T14:51:10.057

SOURCES RELEASE DATE

db: VULHUB, id: VHN-404121, date: 2021-12-09T00:00:00
db: JVNDB, id: JVNDB-2021-015919, date: 2022-12-02T00:00:00
db: CNNVD, id: CNNVD-202112-736, date: 2021-12-09T00:00:00
db: NVD, id: CVE-2021-43071, date: 2021-12-09T10:15:11.953