ID

VAR-202302-1444


CVE

CVE-2021-42756


TITLE

Out-of-bounds write vulnerability in Fortinet's FortiWeb

Trust: 0.8

sources: JVNDB: JVNDB-2023-004483

DESCRIPTION

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests. Fortinet's FortiWeb contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.8

sources: NVD: CVE-2021-42756 // JVNDB: JVNDB-2023-004483 // VULHUB: VHN-403818 // VULMON: CVE-2021-42756

AFFECTED PRODUCTS

vendor: fortinet // model: fortiweb // scope: lt // version: 6.0.8

Trust: 1.0

vendor: fortinet // model: fortiweb // scope: gte // version: 6.4.0

Trust: 1.0

vendor: fortinet // model: fortiweb // scope: lte // version: 6.4.2

Trust: 1.0

vendor: fortinet // model: fortiweb // scope: lt // version: 6.3.17

Trust: 1.0

vendor: fortinet // model: fortiweb // scope: gte // version: 5.6.0

Trust: 1.0

vendor: fortinet // model: fortiweb // scope: gte // version: 6.3.0

Trust: 1.0

vendor: fortinet // model: fortiweb // scope: gte // version: 6.1.0

Trust: 1.0

vendor: fortinet // model: fortiweb // scope: lt // version: 6.2.7

Trust: 1.0

vendor: fortinet // model: fortiweb // scope: lt // version: 6.1.3

Trust: 1.0

vendor: fortinet // model: fortiweb // scope: gte // version: 6.2.0

Trust: 1.0

vendor: フォーティネット // model: fortiweb // scope: eq // version: 5.6.0 that's all 6.0.8

Trust: 0.8

vendor: フォーティネット // model: fortiweb // scope: eq // version: 6.4.0 to 6.4.2

Trust: 0.8

vendor: フォーティネット // model: fortiweb // scope: eq // version: -

Trust: 0.8

vendor: フォーティネット // model: fortiweb // scope: eq // version: 6.2.0 that's all 6.2.7

Trust: 0.8

vendor: フォーティネット // model: fortiweb // scope: eq // version: 6.3.0 that's all 6.3.17

Trust: 0.8

vendor: フォーティネット // model: fortiweb // scope: eq // version: 6.1.0 that's all 6.1.3

Trust: 0.8

sources: JVNDB: JVNDB-2023-004483 // NVD: CVE-2021-42756

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-42756
value: CRITICAL

Trust: 1.0

psirt@fortinet.com: CVE-2021-42756
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-42756
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202302-1453
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2021-42756
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2021-42756
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004483 // CNNVD: CNNVD-202302-1453 // NVD: CVE-2021-42756 // NVD: CVE-2021-42756

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-121

Trust: 1.0

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-403818 // JVNDB: JVNDB-2023-004483 // NVD: CVE-2021-42756

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1453

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202302-1453

PATCH

title: fortiguard.com (FG-IR-21-186) // url: https://fortiguard.com/psirt/FG-IR-21-186

Trust: 0.8

title: Fortinet FortiWeb Buffer error vulnerability fix // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=226819

Trust: 0.6

sources: JVNDB: JVNDB-2023-004483 // CNNVD: CNNVD-202302-1453

EXTERNAL IDS

db: NVD // id: CVE-2021-42756

Trust: 3.4

db: JVNDB // id: JVNDB-2023-004483

Trust: 0.8

db: AUSCERT // id: ESB-2023.1049

Trust: 0.6

db: CNNVD // id: CNNVD-202302-1453

Trust: 0.6

db: VULHUB // id: VHN-403818

Trust: 0.1

db: VULMON // id: CVE-2021-42756

Trust: 0.1

sources: VULHUB: VHN-403818 // VULMON: CVE-2021-42756 // JVNDB: JVNDB-2023-004483 // CNNVD: CNNVD-202302-1453 // NVD: CVE-2021-42756

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-21-186

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-42756

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2021-42756/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.1049

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-403818 // VULMON: CVE-2021-42756 // JVNDB: JVNDB-2023-004483 // CNNVD: CNNVD-202302-1453 // NVD: CVE-2021-42756

SOURCES

db: VULHUB // id: VHN-403818
db: VULMON // id: CVE-2021-42756
db: JVNDB // id: JVNDB-2023-004483
db: CNNVD // id: CNNVD-202302-1453
db: NVD // id: CVE-2021-42756

LAST UPDATE DATE

2024-08-14T14:02:02.726000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-403818 // date: 2023-02-24T00:00:00
db: VULMON // id: CVE-2021-42756 // date: 2023-02-16T00:00:00
db: JVNDB // id: JVNDB-2023-004483 // date: 2023-10-30T07:42:00
db: CNNVD // id: CNNVD-202302-1453 // date: 2023-02-27T00:00:00
db: NVD // id: CVE-2021-42756 // date: 2023-11-07T03:39:14.427

SOURCES RELEASE DATE

db: VULHUB // id: VHN-403818 // date: 2023-02-16T00:00:00
db: VULMON // id: CVE-2021-42756 // date: 2023-02-16T00:00:00
db: JVNDB // id: JVNDB-2023-004483 // date: 2023-10-30T00:00:00
db: CNNVD // id: CNNVD-202302-1453 // date: 2023-02-16T00:00:00
db: NVD // id: CVE-2021-42756 // date: 2023-02-16T19:15:11.500