Details of VAR-202302-1444

ID

VAR-202302-1444

CVE

CVE-2021-42756

TITLE

fortinet's Fortiweb Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-004483

DESCRIPTION

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests. fortinet's Fortiweb Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2021-42756 // JVNDB: JVNDB-2023-004483 // VULHUB: VHN-403818 // VULMON: CVE-2021-42756

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiweb	scope:	lt	version:	6.0.8	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lte	version:	6.4.2	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lt	version:	6.3.17	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	5.6.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.3.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.1.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lt	version:	6.2.7	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lt	version:	6.1.3	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	5.6.0 that's all 6.0.8	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	6.4.0 to 6.4.2	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	6.2.0 that's all 6.2.7	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	6.3.0 that's all 6.3.17	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	6.1.0 that's all 6.1.3	Trust: 0.8

sources: JVNDB: JVNDB-2023-004483 // NVD: CVE-2021-42756

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-42756
value:	CRITICAL
Trust: 1.0
psirt@fortinet.com:	CVE-2021-42756
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-42756
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202302-1453
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2021-42756
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2021-42756
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-004483 // CNNVD: CNNVD-202302-1453 // NVD: CVE-2021-42756 // NVD: CVE-2021-42756

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-121	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-403818 // JVNDB: JVNDB-2023-004483 // NVD: CVE-2021-42756

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1453

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202302-1453

PATCH

title:	fortiguard.com (FG-IR-21-186)	url:	https://fortiguard.com/psirt/FG-IR-21-186	Trust: 0.8
title:	Fortinet FortiWeb Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=226819	Trust: 0.6

sources: JVNDB: JVNDB-2023-004483 // CNNVD: CNNVD-202302-1453

EXTERNAL IDS

db:	NVD	id:	CVE-2021-42756	Trust: 3.4
db:	JVNDB	id:	JVNDB-2023-004483	Trust: 0.8
db:	AUSCERT	id:	ESB-2023.1049	Trust: 0.6
db:	CNNVD	id:	CNNVD-202302-1453	Trust: 0.6
db:	VULHUB	id:	VHN-403818	Trust: 0.1
db:	VULMON	id:	CVE-2021-42756	Trust: 0.1

sources: VULHUB: VHN-403818 // VULMON: CVE-2021-42756 // JVNDB: JVNDB-2023-004483 // CNNVD: CNNVD-202302-1453 // NVD: CVE-2021-42756

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-21-186	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-42756	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-42756/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.1049	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-403818 // VULMON: CVE-2021-42756 // JVNDB: JVNDB-2023-004483 // CNNVD: CNNVD-202302-1453 // NVD: CVE-2021-42756

SOURCES

db:	VULHUB	id:	VHN-403818
db:	VULMON	id:	CVE-2021-42756
db:	JVNDB	id:	JVNDB-2023-004483
db:	CNNVD	id:	CNNVD-202302-1453
db:	NVD	id:	CVE-2021-42756

LAST UPDATE DATE

2024-08-14T14:02:02.726000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-403818	date:	2023-02-24T00:00:00
db:	VULMON	id:	CVE-2021-42756	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2023-004483	date:	2023-10-30T07:42:00
db:	CNNVD	id:	CNNVD-202302-1453	date:	2023-02-27T00:00:00
db:	NVD	id:	CVE-2021-42756	date:	2023-11-07T03:39:14.427

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-403818	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2021-42756	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2023-004483	date:	2023-10-30T00:00:00
db:	CNNVD	id:	CNNVD-202302-1453	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2021-42756	date:	2023-02-16T19:15:11.500