ID

VAR-202207-0087


CVE

CVE-2021-44170


TITLE

Out-of-bounds write vulnerability in FortiOS and FortiProxy

Trust: 0.8

sources: JVNDB: JVNDB-2022-015237

DESCRIPTION

A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments. FortiOS and FortiProxy contain an out-of-bounds write vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.

Trust: 1.71

sources: NVD: CVE-2021-44170 // JVNDB: JVNDB-2022-015237 // VULHUB: VHN-406777

AFFECTED PRODUCTS

vendor: fortinet, model: fortios, scope: gte, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: lte, version: 1.0.7

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: lte, version: 1.2.13

Trust: 1.0

vendor: fortinet, model: fortios, scope: lt, version: 6.4.9

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: gte, version: 2.0.0

Trust: 1.0

vendor: fortinet, model: fortios, scope: lte, version: 6.0.14

Trust: 1.0

vendor: fortinet, model: fortios, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: gte, version: 1.2.0

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: lte, version: 1.1.6

Trust: 1.0

vendor: fortinet, model: fortios, scope: lt, version: 6.2.11

Trust: 1.0

vendor: fortinet, model: fortios, scope: lte, version: 7.0.2

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: gte, version: 1.0.0

Trust: 1.0

vendor: fortinet, model: fortios, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: lt, version: 2.0.8

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: gte, version: 1.1.0

Trust: 1.0

vendor: fortinet, model: fortios, scope: gte, version: 7.0.0

Trust: 1.0

vendor: Fortinet, model: fortiproxy, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortios, scope: eq, version: 7.0.4

Trust: 0.8

sources: JVNDB: JVNDB-2022-015237 // NVD: CVE-2021-44170

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-44170
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-44170
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2022-015237
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202207-373
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2021-44170
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-015237
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-015237 // CNNVD: CNNVD-202207-373 // NVD: CVE-2021-44170 // NVD: CVE-2021-44170

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-406777 // JVNDB: JVNDB-2022-015237 // NVD: CVE-2021-44170

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-373

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202207-373

PATCH

title: FG-IR-21-179, url: https://www.fortiguard.com/psirt/FG-IR-21-179

Trust: 0.8

title: Fortinet FortiProxy Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201339

Trust: 0.6

sources: JVNDB: JVNDB-2022-015237 // CNNVD: CNNVD-202207-373

EXTERNAL IDS

db: NVD, id: CVE-2021-44170

Trust: 3.3

db: JVNDB, id: JVNDB-2022-015237

Trust: 0.8

db: CS-HELP, id: SB2022070513

Trust: 0.6

db: CNNVD, id: CNNVD-202207-373

Trust: 0.6

db: VULHUB, id: VHN-406777

Trust: 0.1

sources: VULHUB: VHN-406777 // JVNDB: JVNDB-2022-015237 // CNNVD: CNNVD-202207-373 // NVD: CVE-2021-44170

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-21-179

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-44170

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2021-44170/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070513

Trust: 0.6

url:https://vigilance.fr/vulnerability/fortinet-fortios-buffer-overflow-via-cli-38742

Trust: 0.6

sources: VULHUB: VHN-406777 // JVNDB: JVNDB-2022-015237 // CNNVD: CNNVD-202207-373 // NVD: CVE-2021-44170

SOURCES

db: VULHUB, id: VHN-406777
db: JVNDB, id: JVNDB-2022-015237
db: CNNVD, id: CNNVD-202207-373
db: NVD, id: CVE-2021-44170

LAST UPDATE DATE

2024-08-14T14:55:24.630000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-406777, date: 2022-07-25T00:00:00
db: JVNDB, id: JVNDB-2022-015237, date: 2023-09-26T01:58:00
db: CNNVD, id: CNNVD-202207-373, date: 2022-07-29T00:00:00
db: NVD, id: CVE-2021-44170, date: 2022-07-25T17:05:58.760

SOURCES RELEASE DATE

db: VULHUB, id: VHN-406777, date: 2022-07-18T00:00:00
db: JVNDB, id: JVNDB-2022-015237, date: 2023-09-26T00:00:00
db: CNNVD, id: CNNVD-202207-373, date: 2022-07-05T00:00:00
db: NVD, id: CVE-2021-44170, date: 2022-07-18T17:15:08.483