ID

VAR-202112-0729


CVE

CVE-2021-42758


TITLE

Vulnerability related to unauthorized authentication in FortiWLC

Trust: 0.8

sources: JVNDB: JVNDB-2021-016088

DESCRIPTION

An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions. FortiWLC contains an unauthorized authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2021-42758 // JVNDB: JVNDB-2021-016088 // VULHUB: VHN-403820

AFFECTED PRODUCTS

vendor: fortinet, model: fortiwlc, scope: eq, version: 8.1.2

Trust: 1.0

vendor: fortinet, model: fortiwlc, scope: eq, version: 8.4.7

Trust: 1.0

vendor: fortinet, model: fortiwlc, scope: gte, version: 8.5.0

Trust: 1.0

vendor: fortinet, model: fortiwlc, scope: eq, version: 8.6.1

Trust: 1.0

vendor: fortinet, model: fortiwlc, scope: lte, version: 8.2.7

Trust: 1.0

vendor: fortinet, model: fortiwlc, scope: eq, version: 8.4.5

Trust: 1.0

vendor: fortinet, model: fortiwlc, scope: eq, version: 8.4.6

Trust: 1.0

vendor: fortinet, model: fortiwlc, scope: eq, version: 8.4.0

Trust: 1.0

vendor: fortinet, model: fortiwlc, scope: lte, version: 8.3.3

Trust: 1.0

vendor: fortinet, model: fortiwlc, scope: eq, version: 8.1.3

Trust: 1.0

vendor: fortinet, model: fortiwlc, scope: eq, version: 8.4.2

Trust: 1.0

vendor: fortinet, model: fortiwlc, scope: eq, version: 8.6.0

Trust: 1.0

vendor: fortinet, model: fortiwlc, scope: eq, version: 8.4.1

Trust: 1.0

vendor: fortinet, model: fortiwlc, scope: eq, version: 8.4.8

Trust: 1.0

vendor: fortinet, model: fortiwlc, scope: eq, version: 8.0.5

Trust: 1.0

vendor: fortinet, model: fortiwlc, scope: gte, version: 8.3.0

Trust: 1.0

vendor: fortinet, model: fortiwlc, scope: gte, version: 8.2.4

Trust: 1.0

vendor: fortinet, model: fortiwlc, scope: eq, version: 8.4.4

Trust: 1.0

vendor: fortinet, model: fortiwlc, scope: eq, version: 8.0.6

Trust: 1.0

vendor: fortinet, model: fortiwlc, scope: lte, version: 8.5.5

Trust: 1.0

vendor: Fortinet, model: fortiwlc, scope: eq, version: -

Trust: 0.8

vendor: Fortinet, model: fortiwlc, scope: lte, version: 8.6.1 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2021-016088 // NVD: CVE-2021-42758

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-42758
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-42758
value: HIGH

Trust: 1.0

NVD: CVE-2021-42758
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202112-634
value: HIGH

Trust: 0.6

VULHUB: VHN-403820
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-42758
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-403820
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-42758
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-016088
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-403820 // JVNDB: JVNDB-2021-016088 // CNNVD: CNNVD-202112-634 // NVD: CVE-2021-42758 // NVD: CVE-2021-42758

PROBLEMTYPE DATA

problemtype: CWE-863

Trust: 1.1

problemtype: Illegal authentication (CWE-863) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-403820 // JVNDB: JVNDB-2021-016088 // NVD: CVE-2021-42758

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-634

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202112-634

PATCH

title: FG-IR-21-200, url: https://fortiguard.com/advisory/FG-IR-21-200

Trust: 0.8

title: Fortinet FortiWLC Fixes for access control error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173883

Trust: 0.6

sources: JVNDB: JVNDB-2021-016088 // CNNVD: CNNVD-202112-634

EXTERNAL IDS

db: NVD, id: CVE-2021-42758

Trust: 3.3

db: JVNDB, id: JVNDB-2021-016088

Trust: 0.8

db: CNNVD, id: CNNVD-202112-634

Trust: 0.6

db: VULHUB, id: VHN-403820

Trust: 0.1

sources: VULHUB: VHN-403820 // JVNDB: JVNDB-2021-016088 // CNNVD: CNNVD-202112-634 // NVD: CVE-2021-42758

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-21-200

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-42758

Trust: 1.4

sources: VULHUB: VHN-403820 // JVNDB: JVNDB-2021-016088 // CNNVD: CNNVD-202112-634 // NVD: CVE-2021-42758

SOURCES

db: VULHUB, id: VHN-403820
db: JVNDB, id: JVNDB-2021-016088
db: CNNVD, id: CNNVD-202112-634
db: NVD, id: CVE-2021-42758

LAST UPDATE DATE

2024-08-14T15:11:43.941000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-403820, date: 2021-12-10T00:00:00
db: JVNDB, id: JVNDB-2021-016088, date: 2022-12-06T07:32:00
db: CNNVD, id: CNNVD-202112-634, date: 2021-12-13T00:00:00
db: NVD, id: CVE-2021-42758, date: 2021-12-10T22:18:40.400

SOURCES RELEASE DATE

db: VULHUB, id: VHN-403820, date: 2021-12-08T00:00:00
db: JVNDB, id: JVNDB-2021-016088, date: 2022-12-06T00:00:00
db: CNNVD, id: CNNVD-202112-634, date: 2021-12-08T00:00:00
db: NVD, id: CVE-2021-42758, date: 2021-12-08T11:15:11.887