ID

VAR-202112-0525


CVE

CVE-2021-43065


TITLE

FortiNAC Vulnerability in improper permission assignment for critical resources in

Trust: 0.8

sources: JVNDB: JVNDB-2021-015921

DESCRIPTION

An incorrect permission assignment for a critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, and version 8.8.9 and below allows an attacker to gain higher privileges via access to sensitive system data. FortiNAC contains a vulnerability in improper permission assignment for critical resources. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability that could allow an authenticated attacker to access sensitive system data, thereby elevating the privileges of an authenticated user to administrator.

Trust: 2.25

sources: NVD: CVE-2021-43065 // JVNDB: JVNDB-2021-015921 // CNNVD: CNNVD-202112-524 // VULHUB: VHN-404115

AFFECTED PRODUCTS

vendor: fortinet, model: fortinac, scope: lt, version: 8.8.10

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.8.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: eq, version: 9.2.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lt, version: 9.1.4

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 9.1.0

Trust: 1.0

vendor: フォーティネット, model: fortinac, scope: lte, version: 9.1.3 and earlier

Trust: 0.8

vendor: フォーティネット, model: fortinac, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: fortinac, scope: lte, version: 9.2.0 and earlier

Trust: 0.8

vendor: フォーティネット, model: fortinac, scope: lte, version: 8.8.9 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2021-015921 // NVD: CVE-2021-43065

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-43065
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-43065
value: HIGH

Trust: 1.0

NVD: CVE-2021-43065
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202112-524
value: HIGH

Trust: 0.6

VULHUB: VHN-404115
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-43065
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-404115
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-43065
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-015921
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-404115 // JVNDB: JVNDB-2021-015921 // CNNVD: CNNVD-202112-524 // NVD: CVE-2021-43065 // NVD: CVE-2021-43065

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype: Improper permission assignment for critical resources (CWE-732) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-404115 // JVNDB: JVNDB-2021-015921 // NVD: CVE-2021-43065

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-524

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-524

PATCH

title: FG-IR-21-178, url: https://www.fortiguard.com/psirt/FG-IR-21-178

Trust: 0.8

title: Fortinet FortiNAC Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173979

Trust: 0.6

sources: JVNDB: JVNDB-2021-015921 // CNNVD: CNNVD-202112-524

EXTERNAL IDS

db: NVD, id: CVE-2021-43065

Trust: 3.3

db: JVNDB, id: JVNDB-2021-015921

Trust: 0.8

db: CNNVD, id: CNNVD-202112-524

Trust: 0.7

db: AUSCERT, id: ESB-2021.4151

Trust: 0.6

db: CS-HELP, id: SB2021120719

Trust: 0.6

db: CNVD, id: CNVD-2021-102801

Trust: 0.1

db: VULHUB, id: VHN-404115

Trust: 0.1

sources: VULHUB: VHN-404115 // JVNDB: JVNDB-2021-015921 // CNNVD: CNNVD-202112-524 // NVD: CVE-2021-43065

REFERENCES

url:https://github.com/orangecertcc/security-research/security/advisories/ghsa-8wx4-g5p9-348h

Trust: 2.5

url:https://fortiguard.com/advisory/fg-ir-21-178

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-43065

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021120719

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4151

Trust: 0.6

sources: VULHUB: VHN-404115 // JVNDB: JVNDB-2021-015921 // CNNVD: CNNVD-202112-524 // NVD: CVE-2021-43065

SOURCES

db: VULHUB, id: VHN-404115
db: JVNDB, id: JVNDB-2021-015921
db: CNNVD, id: CNNVD-202112-524
db: NVD, id: CVE-2021-43065

LAST UPDATE DATE

2024-11-23T22:32:59.482000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-404115, date: 2022-07-28T00:00:00
db: JVNDB, id: JVNDB-2021-015921, date: 2022-12-02T07:27:00
db: CNNVD, id: CNNVD-202112-524, date: 2022-08-10T00:00:00
db: NVD, id: CVE-2021-43065, date: 2024-11-21T06:28:37.820

SOURCES RELEASE DATE

db: VULHUB, id: VHN-404115, date: 2021-12-09T00:00:00
db: JVNDB, id: JVNDB-2021-015921, date: 2022-12-02T00:00:00
db: CNNVD, id: CNNVD-202112-524, date: 2021-12-08T00:00:00
db: NVD, id: CVE-2021-43065, date: 2021-12-09T10:15:11.847