Details of VAR-202207-0115

ID

VAR-202207-0115

CVE

CVE-2021-42755

TITLE

plural Fortinet Integer overflow vulnerability in product

Trust: 0.8

sources: JVNDB: JVNDB-2022-015239

DESCRIPTION

An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service. plural Fortinet The product contains an integer overflow vulnerability.Service operation interruption (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2021-42755 // JVNDB: JVNDB-2022-015239 // VULHUB: VHN-403817 // VULMON: CVE-2021-42755

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.4.5	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.13	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.10	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.4.6	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.2.8	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	eq	version:	6.0.8	Trust: 1.0
vendor:	fortinet	model:	fortiswitch	scope:	lte	version:	7.0.2	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	6.0.6	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.17	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.2.6	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.4.1	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lte	version:	2.0.6	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.3	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.4	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	6.0.10	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.26	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.4.2	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.9	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.15	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.12	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.14	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	6.0.7	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.3	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.12	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.20	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	6.4.3	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.4.7	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.2.4	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.21	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.13	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	6.0.4	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	6.0.5	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.13	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.11	Trust: 1.0
vendor:	fortinet	model:	fortiswitch	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.11	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.3	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.6	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.22	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.23	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	6.0.2	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.12	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.2.1	Trust: 1.0
vendor:	fortinet	model:	fortiswitch	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.8	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.5	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.6	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	eq	version:	6.0.10	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	1.1.0	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.1	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	6.0.8	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.2	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.10	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.16	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.2.3	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.10	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.4	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.1	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	eq	version:	6.0.7	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.25	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lte	version:	1.0.7	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.24	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.14	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.7	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.2.10	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.4.3	Trust: 1.0
vendor:	fortinet	model:	fortiswitch	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.5	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.4	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	eq	version:	6.4.1	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.5	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lte	version:	1.1.6	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.6	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	eq	version:	6.0.3	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	1.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.2	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.13	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.2.5	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	eq	version:	6.4.2	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.8	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	eq	version:	6.0.9	Trust: 1.0
vendor:	fortinet	model:	fortiswitch	scope:	lte	version:	6.4.9	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.8	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.1	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.9	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.5	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.10	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.2.2	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.2.9	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.19	Trust: 1.0
vendor:	fortinet	model:	fortiswitch	scope:	lte	version:	6.2.7	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiswitch	scope:	lte	version:	6.0.7	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	eq	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	eq	version:	6.0.6	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.7	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.11	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.18	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	7.0.2	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.4	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.7	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.14	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.12	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	1.2.0	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	6.4.1	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiswitch	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	6.0.3	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.8	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.9	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	5.3.2	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	6.4.2	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.11	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.7	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.2	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.4.4	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	eq	version:	6.0.9	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	eq	version:	6.0.4	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	eq	version:	6.0.5	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lte	version:	1.2.13	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	eq	version:	6.0.2	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.2.7	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.3	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.6	Trust: 1.0
vendor:	フォーティネット	model:	fortirecorder	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortivoice	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiswitch	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiproxy	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-015239 // NVD: CVE-2021-42755

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-42755
value:	MEDIUM
Trust: 1.0
psirt@fortinet.com:	CVE-2021-42755
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2022-015239
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202207-378
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-42755
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2022-015239
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-015239 // CNNVD: CNNVD-202207-378 // NVD: CVE-2021-42755 // NVD: CVE-2021-42755

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.1
problemtype:	Integer overflow or wraparound (CWE-190) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-403817 // JVNDB: JVNDB-2022-015239 // NVD: CVE-2021-42755

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202207-378

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202207-378

PATCH

title:	FG-IR-21-155	url:	https://www.fortiguard.com/psirt/FG-IR-21-155	Trust: 0.8
title:	Fortinet FortiVoice Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198709	Trust: 0.6

sources: JVNDB: JVNDB-2022-015239 // CNNVD: CNNVD-202207-378

EXTERNAL IDS

db:	NVD	id:	CVE-2021-42755	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-015239	Trust: 0.8
db:	CS-HELP	id:	SB2022070520	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3308	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-378	Trust: 0.6
db:	VULHUB	id:	VHN-403817	Trust: 0.1
db:	VULMON	id:	CVE-2021-42755	Trust: 0.1

sources: VULHUB: VHN-403817 // VULMON: CVE-2021-42755 // JVNDB: JVNDB-2022-015239 // CNNVD: CNNVD-202207-378 // NVD: CVE-2021-42755

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-21-155	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-42755	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022070520	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3308	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2021-42755/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/fortinet-fortios-integer-overflow-via-dhcpd-38738	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-403817 // VULMON: CVE-2021-42755 // JVNDB: JVNDB-2022-015239 // CNNVD: CNNVD-202207-378 // NVD: CVE-2021-42755

SOURCES

db:	VULHUB	id:	VHN-403817
db:	VULMON	id:	CVE-2021-42755
db:	JVNDB	id:	JVNDB-2022-015239
db:	CNNVD	id:	CNNVD-202207-378
db:	NVD	id:	CVE-2021-42755

LAST UPDATE DATE

2024-08-14T14:02:31.490000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-403817	date:	2022-07-25T00:00:00
db:	VULMON	id:	CVE-2021-42755	date:	2022-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-015239	date:	2023-09-26T02:13:00
db:	CNNVD	id:	CNNVD-202207-378	date:	2022-07-29T00:00:00
db:	NVD	id:	CVE-2021-42755	date:	2024-01-18T15:48:06.043

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-403817	date:	2022-07-18T00:00:00
db:	VULMON	id:	CVE-2021-42755	date:	2022-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-015239	date:	2023-09-26T00:00:00
db:	CNNVD	id:	CNNVD-202207-378	date:	2022-07-05T00:00:00
db:	NVD	id:	CVE-2021-42755	date:	2022-07-18T17:15:08.413