ID

VAR-202202-1748


CVE

CVE-2021-42753


TITLE

Path traversal vulnerability in FortiWeb

Trust: 0.8

sources: JVNDB: JVNDB-2022-004775

DESCRIPTION

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem. FortiWeb contains a path traversal vulnerability. Information may be tampered with, and service operation may be interrupted (DoS). Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content.

Trust: 1.71

sources: NVD: CVE-2021-42753 // JVNDB: JVNDB-2022-004775 // VULHUB: VHN-403816

AFFECTED PRODUCTS

vendor: fortinet, model: fortiweb, scope: lt, version: 6.3.16

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lt, version: 6.4.2

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 5.8.0

Trust: 1.0

vendor: Fortinet, model: fortiweb, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-004775 // NVD: CVE-2021-42753

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-42753
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-42753
value: HIGH

Trust: 1.0

NVD: CVE-2021-42753
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202202-127
value: HIGH

Trust: 0.6

VULHUB: VHN-403816
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-42753
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-403816
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-42753
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-004775
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-403816 // JVNDB: JVNDB-2022-004775 // CNNVD: CNNVD-202202-127 // NVD: CVE-2021-42753 // NVD: CVE-2021-42753

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.1

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-403816 // JVNDB: JVNDB-2022-004775 // NVD: CVE-2021-42753

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-127

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202202-127

PATCH

title: FG-IR-21-158, url: https://www.fortiguard.com/psirt/FG-IR-21-158

Trust: 0.8

title: Fortinet FortiWeb Repair measures for path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180893

Trust: 0.6

sources: JVNDB: JVNDB-2022-004775 // CNNVD: CNNVD-202202-127

EXTERNAL IDS

db: NVD, id: CVE-2021-42753

Trust: 3.3

db: JVNDB, id: JVNDB-2022-004775

Trust: 0.8

db: CNNVD, id: CNNVD-202202-127

Trust: 0.7

db: CNVD, id: CNVD-2022-19072

Trust: 0.1

db: VULHUB, id: VHN-403816

Trust: 0.1

sources: VULHUB: VHN-403816 // JVNDB: JVNDB-2022-004775 // CNNVD: CNNVD-202202-127 // NVD: CVE-2021-42753

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-21-158

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-42753

Trust: 1.4

sources: VULHUB: VHN-403816 // JVNDB: JVNDB-2022-004775 // CNNVD: CNNVD-202202-127 // NVD: CVE-2021-42753

SOURCES

db: VULHUB, id: VHN-403816
db: JVNDB, id: JVNDB-2022-004775
db: CNNVD, id: CNNVD-202202-127
db: NVD, id: CVE-2021-42753

LAST UPDATE DATE

2024-08-14T15:42:33.442000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-403816, date: 2022-02-07T00:00:00
db: JVNDB, id: JVNDB-2022-004775, date: 2023-05-01T08:28:00
db: CNNVD, id: CNNVD-202202-127, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2021-42753, date: 2022-02-07T14:48:54.657

SOURCES RELEASE DATE

db: VULHUB, id: VHN-403816, date: 2022-02-02T00:00:00
db: JVNDB, id: JVNDB-2022-004775, date: 2023-05-01T00:00:00
db: CNNVD, id: CNNVD-202202-127, date: 2022-02-02T00:00:00
db: NVD, id: CVE-2021-42753, date: 2022-02-02T11:15:07.833