ID

VAR-202203-0892


CVE

CVE-2021-43070


TITLE

Path traversal vulnerability in FortiWLM management interface

Trust: 0.8

sources: JVNDB: JVNDB-2022-006804

DESCRIPTION

Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. A path traversal vulnerability exists in the FortiWLM management interface. Information may be obtained. Fortinet FortiWLC is a wireless LAN controller from Fortinet.

Trust: 1.71

sources: NVD: CVE-2021-43070 // JVNDB: JVNDB-2022-006804 // VULHUB: VHN-404120

AFFECTED PRODUCTS

vendor: fortinet, model: fortiwlm, scope: gte, version: 8.3.0

Trust: 1.0

vendor: fortinet, model: fortiwlm, scope: gte, version: 8.5.0

Trust: 1.0

vendor: fortinet, model: fortiwlm, scope: gte, version: 8.4.0

Trust: 1.0

vendor: fortinet, model: fortiwlm, scope: gte, version: 8.6.0

Trust: 1.0

vendor: fortinet, model: fortiwlm, scope: lte, version: 8.4.2

Trust: 1.0

vendor: fortinet, model: fortiwlm, scope: lte, version: 8.3.3

Trust: 1.0

vendor: fortinet, model: fortiwlm, scope: eq, version: 8.2.2

Trust: 1.0

vendor: fortinet, model: fortiwlm, scope: lte, version: 8.5.2

Trust: 1.0

vendor: fortinet, model: fortiwlm, scope: lte, version: 8.6.2

Trust: 1.0

vendor: フォーティネット, model: fortiwlm, scope: lte, version: 8.3.3 and earlier

Trust: 0.8

vendor: フォーティネット, model: fortiwlm, scope: lte, version: 8.6.2 and earlier

Trust: 0.8

vendor: フォーティネット, model: fortiwlm, scope: lte, version: 8.4.2 and earlier

Trust: 0.8

vendor: フォーティネット, model: fortiwlm, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: fortiwlm, scope: lte, version: 8.5.2 and earlier

Trust: 0.8

vendor: フォーティネット, model: fortiwlm, scope: eq, version: 8.2.2

Trust: 0.8

sources: JVNDB: JVNDB-2022-006804 // NVD: CVE-2021-43070

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-43070
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-43070
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-43070
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202203-085
value: MEDIUM

Trust: 0.6

VULHUB: VHN-404120
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-43070
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-404120
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-43070
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-43070
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2021-43070
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-404120 // JVNDB: JVNDB-2022-006804 // CNNVD: CNNVD-202203-085 // NVD: CVE-2021-43070 // NVD: CVE-2021-43070

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.1

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-404120 // JVNDB: JVNDB-2022-006804 // NVD: CVE-2021-43070

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-085

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202203-085

PATCH

title: FG-IR-21-106, url: https://www.fortiguard.com/psirt/FG-IR-21-106

Trust: 0.8

title: Fortinet FortiWLM Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184406

Trust: 0.6

sources: JVNDB: JVNDB-2022-006804 // CNNVD: CNNVD-202203-085

EXTERNAL IDS

db: NVD, id: CVE-2021-43070

Trust: 3.3

db: JVNDB, id: JVNDB-2022-006804

Trust: 0.8

db: AUSCERT, id: ESB-2022.1513

Trust: 0.6

db: CS-HELP, id: SB2022040714

Trust: 0.6

db: CNNVD, id: CNNVD-202203-085

Trust: 0.6

db: CNVD, id: CNVD-2022-50952

Trust: 0.1

db: VULHUB, id: VHN-404120

Trust: 0.1

sources: VULHUB: VHN-404120 // JVNDB: JVNDB-2022-006804 // CNNVD: CNNVD-202203-085 // NVD: CVE-2021-43070

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-21-106

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-43070

Trust: 0.8

url: https://www.cybersecurity-help.cz/vdb/sb2022040714

Trust: 0.6

url: https://cxsecurity.com/cveshow/cve-2021-43070/

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2022.1513

Trust: 0.6

sources: VULHUB: VHN-404120 // JVNDB: JVNDB-2022-006804 // CNNVD: CNNVD-202203-085 // NVD: CVE-2021-43070

SOURCES

db: VULHUB, id: VHN-404120
db: JVNDB, id: JVNDB-2022-006804
db: CNNVD, id: CNNVD-202203-085
db: NVD, id: CVE-2021-43070

LAST UPDATE DATE

2024-11-23T23:10:56.618000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-404120, date: 2022-03-09T00:00:00
db: JVNDB, id: JVNDB-2022-006804, date: 2023-07-10T02:46:00
db: CNNVD, id: CNNVD-202203-085, date: 2022-04-08T00:00:00
db: NVD, id: CVE-2021-43070, date: 2024-11-21T06:28:38.267

SOURCES RELEASE DATE

db: VULHUB, id: VHN-404120, date: 2022-03-02T00:00:00
db: JVNDB, id: JVNDB-2022-006804, date: 2023-07-10T00:00:00
db: CNNVD, id: CNNVD-202203-085, date: 2022-03-02T00:00:00
db: NVD, id: CVE-2021-43070, date: 2022-03-02T17:15:07.887