Details of VAR-202112-0524

ID

VAR-202112-0524

CVE

CVE-2021-43071

TITLE

Fortinet FortiWeb Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-015919

DESCRIPTION

A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller. Fortinet FortiWeb Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-43071 // JVNDB: JVNDB-2021-015919 // VULHUB: VHN-404121

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.3.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	eq	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lte	version:	6.3.16	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	eq	version:	6.4.1	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lte	version:	6.2.6	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-015919 // NVD: CVE-2021-43071

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-43071
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2021-43071
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-43071
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202112-736
value:	HIGH
Trust: 0.6
VULHUB:	VHN-404121
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-43071
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-404121
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-43071
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-015919
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-404121 // JVNDB: JVNDB-2021-015919 // CNNVD: CNNVD-202112-736 // NVD: CVE-2021-43071 // NVD: CVE-2021-43071

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-404121 // JVNDB: JVNDB-2021-015919 // NVD: CVE-2021-43071

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-736

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202112-736

PATCH

title:	FG-IR-21-188	url:	https://www.fortiguard.com/psirt/FG-IR-21-188	Trust: 0.8
title:	Fortinet FortiWeb Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174032	Trust: 0.6

sources: JVNDB: JVNDB-2021-015919 // CNNVD: CNNVD-202112-736

EXTERNAL IDS

db:	NVD	id:	CVE-2021-43071	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-015919	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-736	Trust: 0.6
db:	VULHUB	id:	VHN-404121	Trust: 0.1

sources: VULHUB: VHN-404121 // JVNDB: JVNDB-2021-015919 // CNNVD: CNNVD-202112-736 // NVD: CVE-2021-43071

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-21-188	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-43071	Trust: 0.8

sources: VULHUB: VHN-404121 // JVNDB: JVNDB-2021-015919 // CNNVD: CNNVD-202112-736 // NVD: CVE-2021-43071

SOURCES

db:	VULHUB	id:	VHN-404121
db:	JVNDB	id:	JVNDB-2021-015919
db:	CNNVD	id:	CNNVD-202112-736
db:	NVD	id:	CVE-2021-43071

LAST UPDATE DATE

2024-08-14T14:18:13.383000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-404121	date:	2021-12-10T00:00:00
db:	JVNDB	id:	JVNDB-2021-015919	date:	2022-12-02T06:44:00
db:	CNNVD	id:	CNNVD-202112-736	date:	2021-12-13T00:00:00
db:	NVD	id:	CVE-2021-43071	date:	2021-12-10T14:51:10.057

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-404121	date:	2021-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-015919	date:	2022-12-02T00:00:00
db:	CNNVD	id:	CNNVD-202112-736	date:	2021-12-09T00:00:00
db:	NVD	id:	CVE-2021-43071	date:	2021-12-09T10:15:11.953