Details of VAR-202203-0906

ID

VAR-202203-0906

CVE

CVE-2021-43075

TITLE

Fortinet FortiWLM Command Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-18538

DESCRIPTION

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers. Fortinet FortiWLC is a wireless LAN controller from Fortinet. There is a command injection vulnerability in Fortinet FortiWLC

Trust: 1.53

sources: NVD: CVE-2021-43075 // CNVD: CNVD-2022-18538 // VULHUB: VHN-404125

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-18538

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiwlm	scope:	gte	version:	8.5.0	Trust: 1.0
vendor:	fortinet	model:	fortiwlm	scope:	lte	version:	8.3.2	Trust: 1.0
vendor:	fortinet	model:	fortiwlm	scope:	lt	version:	8.6.3	Trust: 1.0
vendor:	fortinet	model:	fortiwlm	scope:	lte	version:	8.4.2	Trust: 1.0
vendor:	fortinet	model:	fortiwlm	scope:	gte	version:	8.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiwlm	scope:	gte	version:	8.6.0	Trust: 1.0
vendor:	fortinet	model:	fortiwlm	scope:	lte	version:	8.5.2	Trust: 1.0
vendor:	fortinet	model:	fortiwlm	scope:	lte	version:	<=8.3.2	Trust: 0.6
vendor:	fortinet	model:	fortiwlm	scope:	gte	version:	8.4.0,<=8.4.2	Trust: 0.6
vendor:	fortinet	model:	fortiwlm	scope:	gte	version:	8.5.0,<=8.5.2	Trust: 0.6
vendor:	fortinet	model:	fortiwlm	scope:	gte	version:	8.6.0,<8.6.3	Trust: 0.6

sources: CNVD: CNVD-2022-18538 // NVD: CVE-2021-43075

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-43075
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2021-43075
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2022-18538
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202203-036
value:	HIGH
Trust: 0.6
VULHUB:	VHN-404125
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-43075
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2022-18538
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-404125
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-43075
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: CNVD: CNVD-2022-18538 // VULHUB: VHN-404125 // CNNVD: CNNVD-202203-036 // NVD: CVE-2021-43075 // NVD: CVE-2021-43075

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.1

sources: VULHUB: VHN-404125 // NVD: CVE-2021-43075

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-036

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202203-036

PATCH

title:	Patch for Fortinet FortiWLM Command Injection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/325061	Trust: 0.6
title:	Fortinet FortiWLM Fixes for operating system command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184276	Trust: 0.6

sources: CNVD: CNVD-2022-18538 // CNNVD: CNNVD-202203-036

EXTERNAL IDS

db:	NVD	id:	CVE-2021-43075	Trust: 2.3
db:	CNVD	id:	CNVD-2022-18538	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.0865	Trust: 0.6
db:	CS-HELP	id:	SB2022030128	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-036	Trust: 0.6
db:	VULHUB	id:	VHN-404125	Trust: 0.1

sources: CNVD: CNVD-2022-18538 // VULHUB: VHN-404125 // CNNVD: CNNVD-202203-036 // NVD: CVE-2021-43075

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-21-128	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-43075	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2021-43075/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022030128	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0865	Trust: 0.6

sources: CNVD: CNVD-2022-18538 // VULHUB: VHN-404125 // CNNVD: CNNVD-202203-036 // NVD: CVE-2021-43075

SOURCES

db:	CNVD	id:	CNVD-2022-18538
db:	VULHUB	id:	VHN-404125
db:	CNNVD	id:	CNNVD-202203-036
db:	NVD	id:	CVE-2021-43075

LAST UPDATE DATE

2024-11-23T22:20:33.834000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-18538	date:	2022-03-11T00:00:00
db:	VULHUB	id:	VHN-404125	date:	2022-03-09T00:00:00
db:	CNNVD	id:	CNNVD-202203-036	date:	2022-04-01T00:00:00
db:	NVD	id:	CVE-2021-43075	date:	2024-11-21T06:28:38.870

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-18538	date:	2022-03-11T00:00:00
db:	VULHUB	id:	VHN-404125	date:	2022-03-01T00:00:00
db:	CNNVD	id:	CNNVD-202203-036	date:	2022-03-01T00:00:00
db:	NVD	id:	CVE-2021-43075	date:	2022-03-01T19:15:08.480