Details of VAR-202202-1748

ID

VAR-202202-1748

CVE

CVE-2021-42753

TITLE

FortiWeb Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-004775

DESCRIPTION

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem. FortiWeb Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content

Trust: 1.71

sources: NVD: CVE-2021-42753 // JVNDB: JVNDB-2022-004775 // VULHUB: VHN-403816

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiweb	scope:	lt	version:	6.3.16	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lt	version:	6.4.2	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	5.8.0	Trust: 1.0
vendor:	フォーティネット	model:	fortiweb	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-004775 // NVD: CVE-2021-42753

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-42753
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2021-42753
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-42753
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202202-127
value:	HIGH
Trust: 0.6
VULHUB:	VHN-403816
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-42753
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-403816
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-42753
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2022-004775
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-403816 // JVNDB: JVNDB-2022-004775 // CNNVD: CNNVD-202202-127 // NVD: CVE-2021-42753 // NVD: CVE-2021-42753

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.1
problemtype:	Path traversal (CWE-22) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-403816 // JVNDB: JVNDB-2022-004775 // NVD: CVE-2021-42753

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-127

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202202-127

PATCH

title:	FG-IR-21-158	url:	https://www.fortiguard.com/psirt/FG-IR-21-158	Trust: 0.8
title:	Fortinet FortiWeb Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180893	Trust: 0.6

sources: JVNDB: JVNDB-2022-004775 // CNNVD: CNNVD-202202-127

EXTERNAL IDS

db:	NVD	id:	CVE-2021-42753	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-004775	Trust: 0.8
db:	CNNVD	id:	CNNVD-202202-127	Trust: 0.7
db:	CNVD	id:	CNVD-2022-19072	Trust: 0.1
db:	VULHUB	id:	VHN-403816	Trust: 0.1

sources: VULHUB: VHN-403816 // JVNDB: JVNDB-2022-004775 // CNNVD: CNNVD-202202-127 // NVD: CVE-2021-42753

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-21-158	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-42753	Trust: 1.4

sources: VULHUB: VHN-403816 // JVNDB: JVNDB-2022-004775 // CNNVD: CNNVD-202202-127 // NVD: CVE-2021-42753

SOURCES

db:	VULHUB	id:	VHN-403816
db:	JVNDB	id:	JVNDB-2022-004775
db:	CNNVD	id:	CNNVD-202202-127
db:	NVD	id:	CVE-2021-42753

LAST UPDATE DATE

2024-08-14T15:42:33.442000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-403816	date:	2022-02-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-004775	date:	2023-05-01T08:28:00
db:	CNNVD	id:	CNNVD-202202-127	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2021-42753	date:	2022-02-07T14:48:54.657

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-403816	date:	2022-02-02T00:00:00
db:	JVNDB	id:	JVNDB-2022-004775	date:	2023-05-01T00:00:00
db:	CNNVD	id:	CNNVD-202202-127	date:	2022-02-02T00:00:00
db:	NVD	id:	CVE-2021-42753	date:	2022-02-02T11:15:07.833