ID

VAR-202204-0960


CVE

CVE-2021-26112


TITLE

Out-of-bounds write vulnerability in FortiWAN

Trust: 0.8

sources: JVNDB: JVNDB-2022-009338

DESCRIPTION

Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpreter of FortiWAN before 4.5.9 may allow an unauthenticated attacker to potentially corrupt control data in memory and execute arbitrary code via specifically crafted requests. An out-of-bounds write vulnerability exists in FortiWAN. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Fortinet FortiWAN is a network device from Fortinet Corporation of the United States, used to perform load balancing and fault tolerance across different networks. A buffer overflow vulnerability exists in Fortinet FortiWAN versions prior to 4.5.9.

Trust: 2.25

sources: NVD: CVE-2021-26112 // JVNDB: JVNDB-2022-009338 // CNVD: CNVD-2022-47982 // VULHUB: VHN-385076

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-47982

AFFECTED PRODUCTS

vendor: fortinet, model: fortiwan, scope: lte, version: 4.5.8

Trust: 1.0

vendor: Fortinet, model: fortiwan, scope: eq, version: 4.5.9

Trust: 0.8

vendor: Fortinet, model: fortiwan, scope: eq, version: -

Trust: 0.8

vendor: fortinet, model: fortiwan, scope: lt, version: 4.5.9

Trust: 0.6

sources: CNVD: CNVD-2022-47982 // JVNDB: JVNDB-2022-009338 // NVD: CVE-2021-26112

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-26112
value: CRITICAL

Trust: 1.0

psirt@fortinet.com: CVE-2021-26112
value: HIGH

Trust: 1.0

NVD: CVE-2021-26112
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-47982
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202204-2436
value: CRITICAL

Trust: 0.6

VULHUB: VHN-385076
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-26112
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-47982
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-385076
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-26112
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-26112
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-26112
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-47982 // VULHUB: VHN-385076 // JVNDB: JVNDB-2022-009338 // CNNVD: CNNVD-202204-2436 // NVD: CVE-2021-26112 // NVD: CVE-2021-26112

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-385076 // JVNDB: JVNDB-2022-009338 // NVD: CVE-2021-26112

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-2436

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202204-2436

PATCH

title: FG-IR-21-065, url: https://www.fortiguard.com/psirt/FG-IR-21-065

Trust: 0.8

title: Patch for Fortinet FortiWAN Buffer Overflow Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/336041

Trust: 0.6

title: Fortinet FortiWAN Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=191711

Trust: 0.6

sources: CNVD: CNVD-2022-47982 // JVNDB: JVNDB-2022-009338 // CNNVD: CNNVD-202204-2436

EXTERNAL IDS

db: NVD, id: CVE-2021-26112

Trust: 3.9

db: JVNDB, id: JVNDB-2022-009338

Trust: 0.8

db: CNVD, id: CNVD-2022-47982

Trust: 0.7

db: CS-HELP, id: SB2022040534

Trust: 0.6

db: CNNVD, id: CNNVD-202204-2436

Trust: 0.6

db: VULHUB, id: VHN-385076

Trust: 0.1

sources: CNVD: CNVD-2022-47982 // VULHUB: VHN-385076 // JVNDB: JVNDB-2022-009338 // CNNVD: CNNVD-202204-2436 // NVD: CVE-2021-26112

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-21-065

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-26112

Trust: 0.8

url:http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-26112

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2021-26112/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022040534

Trust: 0.6

sources: CNVD: CNVD-2022-47982 // VULHUB: VHN-385076 // JVNDB: JVNDB-2022-009338 // CNNVD: CNNVD-202204-2436 // NVD: CVE-2021-26112

SOURCES

db: CNVD, id: CNVD-2022-47982
db: VULHUB, id: VHN-385076
db: JVNDB, id: JVNDB-2022-009338
db: CNNVD, id: CNNVD-202204-2436
db: NVD, id: CVE-2021-26112

LAST UPDATE DATE

2024-08-14T14:10:52.605000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-47982, date: 2022-06-28T00:00:00
db: VULHUB, id: VHN-385076, date: 2022-04-13T00:00:00
db: JVNDB, id: JVNDB-2022-009338, date: 2023-08-04T05:00:00
db: CNNVD, id: CNNVD-202204-2436, date: 2022-05-07T00:00:00
db: NVD, id: CVE-2021-26112, date: 2022-04-13T18:46:09.563

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-47982, date: 2022-06-28T00:00:00
db: VULHUB, id: VHN-385076, date: 2022-04-06T00:00:00
db: JVNDB, id: JVNDB-2022-009338, date: 2023-08-04T00:00:00
db: CNNVD, id: CNNVD-202204-2436, date: 2022-04-06T00:00:00
db: NVD, id: CVE-2021-26112, date: 2022-04-06T10:15:07.883