Details of VAR-202207-0087

ID

VAR-202207-0087

CVE

CVE-2021-44170

TITLE

FortiOS and FortiProxy Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-015237

DESCRIPTION

A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments. FortiOS and FortiProxy Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-44170 // JVNDB: JVNDB-2022-015237 // VULHUB: VHN-406777

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lte	version:	1.0.7	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lte	version:	1.2.13	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	6.4.9	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lte	version:	6.0.14	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	1.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lte	version:	1.1.6	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	6.2.11	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lte	version:	7.0.2	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	1.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	2.0.8	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	1.1.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	フォーティネット	model:	fortiproxy	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	7.0.4	Trust: 0.8

sources: JVNDB: JVNDB-2022-015237 // NVD: CVE-2021-44170

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-44170
value:	MEDIUM
Trust: 1.0
psirt@fortinet.com:	CVE-2021-44170
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2022-015237
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202207-373
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-44170
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2022-015237
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-015237 // CNNVD: CNNVD-202207-373 // NVD: CVE-2021-44170 // NVD: CVE-2021-44170

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-406777 // JVNDB: JVNDB-2022-015237 // NVD: CVE-2021-44170

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-373

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202207-373

PATCH

title:	FG-IR-21-179	url:	https://www.fortiguard.com/psirt/FG-IR-21-179	Trust: 0.8
title:	Fortinet FortiProxy Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201339	Trust: 0.6

sources: JVNDB: JVNDB-2022-015237 // CNNVD: CNNVD-202207-373

EXTERNAL IDS

db:	NVD	id:	CVE-2021-44170	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-015237	Trust: 0.8
db:	CS-HELP	id:	SB2022070513	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-373	Trust: 0.6
db:	VULHUB	id:	VHN-406777	Trust: 0.1

sources: VULHUB: VHN-406777 // JVNDB: JVNDB-2022-015237 // CNNVD: CNNVD-202207-373 // NVD: CVE-2021-44170

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-21-179	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44170	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-44170/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022070513	Trust: 0.6
url:	https://vigilance.fr/vulnerability/fortinet-fortios-buffer-overflow-via-cli-38742	Trust: 0.6

sources: VULHUB: VHN-406777 // JVNDB: JVNDB-2022-015237 // CNNVD: CNNVD-202207-373 // NVD: CVE-2021-44170

SOURCES

db:	VULHUB	id:	VHN-406777
db:	JVNDB	id:	JVNDB-2022-015237
db:	CNNVD	id:	CNNVD-202207-373
db:	NVD	id:	CVE-2021-44170

LAST UPDATE DATE

2024-08-14T14:55:24.630000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-406777	date:	2022-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2022-015237	date:	2023-09-26T01:58:00
db:	CNNVD	id:	CNNVD-202207-373	date:	2022-07-29T00:00:00
db:	NVD	id:	CVE-2021-44170	date:	2022-07-25T17:05:58.760

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-406777	date:	2022-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-015237	date:	2023-09-26T00:00:00
db:	CNNVD	id:	CNNVD-202207-373	date:	2022-07-05T00:00:00
db:	NVD	id:	CVE-2021-44170	date:	2022-07-18T17:15:08.483