ID

VAR-202204-0526


CVE

CVE-2021-41026


TITLE

Path traversal vulnerability in FortiWeb

Trust: 0.8

sources: JVNDB: JVNDB-2021-019575

DESCRIPTION

A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. FortiWeb contains a path traversal vulnerability. Information may be obtained.

Trust: 1.71

sources: NVD: CVE-2021-41026 // JVNDB: JVNDB-2021-019575 // VULHUB: VHN-402296

AFFECTED PRODUCTS

vendor: fortinet, model: fortiweb, scope: lt, version: 6.3.16

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.3.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lt, version: 6.4.2

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.4.0

Trust: 1.0

vendor: Fortinet, model: fortiweb, scope: eq, version: 6.4.1

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: -

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: 6.3.0 to 6.3.15

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: 6.4.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-019575 // NVD: CVE-2021-41026

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-41026
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-41026
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-41026
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202204-2451
value: MEDIUM

Trust: 0.6

VULHUB: VHN-402296
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-41026
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-402296
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-41026
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-019575
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-402296 // JVNDB: JVNDB-2021-019575 // CNNVD: CNNVD-202204-2451 // NVD: CVE-2021-41026 // NVD: CVE-2021-41026

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.1

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-402296 // JVNDB: JVNDB-2021-019575 // NVD: CVE-2021-41026

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-2451

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202204-2451

PATCH

title: FG-IR-21-156, url: https://www.fortiguard.com/psirt/FG-IR-21-156

Trust: 0.8

title: Fortinet FortiWeb Repair measures for path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189258

Trust: 0.6

sources: JVNDB: JVNDB-2021-019575 // CNNVD: CNNVD-202204-2451

EXTERNAL IDS

db: NVD, id: CVE-2021-41026

Trust: 3.3

db: JVNDB, id: JVNDB-2021-019575

Trust: 0.8

db: CNNVD, id: CNNVD-202204-2451

Trust: 0.6

db: VULHUB, id: VHN-402296

Trust: 0.1

sources: VULHUB: VHN-402296 // JVNDB: JVNDB-2021-019575 // CNNVD: CNNVD-202204-2451 // NVD: CVE-2021-41026

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-21-156

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-41026

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2021-41026/

Trust: 0.6

sources: VULHUB: VHN-402296 // JVNDB: JVNDB-2021-019575 // CNNVD: CNNVD-202204-2451 // NVD: CVE-2021-41026

SOURCES

db: VULHUB, id: VHN-402296
db: JVNDB, id: JVNDB-2021-019575
db: CNNVD, id: CNNVD-202204-2451
db: NVD, id: CVE-2021-41026

LAST UPDATE DATE

2024-08-14T14:44:01.091000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-402296, date: 2022-04-13T00:00:00
db: JVNDB, id: JVNDB-2021-019575, date: 2023-08-04T03:14:00
db: CNNVD, id: CNNVD-202204-2451, date: 2022-04-14T00:00:00
db: NVD, id: CVE-2021-41026, date: 2022-04-13T18:06:41.087

SOURCES RELEASE DATE

db: VULHUB, id: VHN-402296, date: 2022-04-06T00:00:00
db: JVNDB, id: JVNDB-2021-019575, date: 2023-08-04T00:00:00
db: CNNVD, id: CNNVD-202204-2451, date: 2022-04-06T00:00:00
db: NVD, id: CVE-2021-41026, date: 2022-04-06T16:15:08.070