ID

VAR-202203-0905


CVE

CVE-2021-43077


TITLE

SQL injection vulnerability in Fortinet FortiWLM

Trust: 0.8

sources: JVNDB: JVNDB-2022-007384

DESCRIPTION

An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, and version 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers. Fortinet FortiWLM contains an SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiWLC is a wireless LAN controller from Fortinet. An SQL injection vulnerability exists in Fortinet FortiWLC. The vulnerability stems from insufficient sanitization of user-provided data in the AP monitoring handler. Attackers can use this vulnerability to send specially crafted requests to the affected application and execute arbitrary SQL commands in the application database.

Trust: 1.71

sources: NVD: CVE-2021-43077 // JVNDB: JVNDB-2022-007384 // VULHUB: VHN-404127

AFFECTED PRODUCTS

vendor: fortinet, model: fortiwlm, scope: gte, version: 8.5.0

Trust: 1.0

vendor: fortinet, model: fortiwlm, scope: lte, version: 8.3.2

Trust: 1.0

vendor: fortinet, model: fortiwlm, scope: lt, version: 8.6.3

Trust: 1.0

vendor: fortinet, model: fortiwlm, scope: lte, version: 8.4.2

Trust: 1.0

vendor: fortinet, model: fortiwlm, scope: gte, version: 8.4.0

Trust: 1.0

vendor: fortinet, model: fortiwlm, scope: gte, version: 8.6.0

Trust: 1.0

vendor: fortinet, model: fortiwlm, scope: lte, version: 8.5.2

Trust: 1.0

vendor: Fortinet, model: fortiwlm, scope: eq, version: 8.3.2 to

Trust: 0.8

vendor: Fortinet, model: fortiwlm, scope: eq, version: 8.4.0 to 8.4.2

Trust: 0.8

vendor: Fortinet, model: fortiwlm, scope: eq, version: -

Trust: 0.8

vendor: Fortinet, model: fortiwlm, scope: eq, version: 8.6.0 to 8.6.2

Trust: 0.8

vendor: Fortinet, model: fortiwlm, scope: eq, version: 8.5.0 to 8.5.2

Trust: 0.8

sources: JVNDB: JVNDB-2022-007384 // NVD: CVE-2021-43077

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-43077
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-43077
value: HIGH

Trust: 1.0

NVD: CVE-2021-43077
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202203-035
value: HIGH

Trust: 0.6

VULHUB: VHN-404127
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-43077
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-404127
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-43077
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-007384
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-404127 // JVNDB: JVNDB-2022-007384 // CNNVD: CNNVD-202203-035 // NVD: CVE-2021-43077 // NVD: CVE-2021-43077

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.1

problemtype: SQL injection (CWE-89) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-404127 // JVNDB: JVNDB-2022-007384 // NVD: CVE-2021-43077

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-035

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202203-035

PATCH

title: FG-IR-21-189, url: https://www.fortiguard.com/psirt/FG-IR-21-189

Trust: 0.8

title: Fortinet FortiWLM SQL injection vulnerability remediation measures, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184275

Trust: 0.6

sources: JVNDB: JVNDB-2022-007384 // CNNVD: CNNVD-202203-035

EXTERNAL IDS

db: NVD, id: CVE-2021-43077

Trust: 3.3

db: JVNDB, id: JVNDB-2022-007384

Trust: 0.8

db: AUSCERT, id: ESB-2022.0864

Trust: 0.6

db: CS-HELP, id: SB2022030128

Trust: 0.6

db: CNNVD, id: CNNVD-202203-035

Trust: 0.6

db: CNVD, id: CNVD-2022-50953

Trust: 0.1

db: VULHUB, id: VHN-404127

Trust: 0.1

sources: VULHUB: VHN-404127 // JVNDB: JVNDB-2022-007384 // CNNVD: CNNVD-202203-035 // NVD: CVE-2021-43077

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-21-189

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-43077

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2021-43077/

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2022030128

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2022.0864

Trust: 0.6

sources: VULHUB: VHN-404127 // JVNDB: JVNDB-2022-007384 // CNNVD: CNNVD-202203-035 // NVD: CVE-2021-43077

SOURCES

db: VULHUB, id: VHN-404127
db: JVNDB, id: JVNDB-2022-007384
db: CNNVD, id: CNNVD-202203-035
db: NVD, id: CVE-2021-43077

LAST UPDATE DATE

2024-11-23T22:20:33.808000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-404127, date: 2022-03-09T00:00:00
db: JVNDB, id: JVNDB-2022-007384, date: 2023-07-14T02:46:00
db: CNNVD, id: CNNVD-202203-035, date: 2022-04-01T00:00:00
db: NVD, id: CVE-2021-43077, date: 2024-11-21T06:28:39.100

SOURCES RELEASE DATE

db: VULHUB, id: VHN-404127, date: 2022-03-01T00:00:00
db: JVNDB, id: JVNDB-2022-007384, date: 2023-07-14T00:00:00
db: CNNVD, id: CNNVD-202203-035, date: 2022-03-01T00:00:00
db: NVD, id: CVE-2021-43077, date: 2022-03-01T19:15:08.530