{"vulnerability": "cve-2021-3617", "sightings": [{"uuid": "e71462ec-eea9-4a98-896b-6a867b838147", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36171", "type": "seen", "source": "https://t.me/cibsecurity/38269", "content": "\u203c CVE-2021-36171 \u203c\n\nThe use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-01T20:24:25.000000Z"}, {"uuid": "ffcd7391-37ee-4a4f-8143-e496967324ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36177", "type": "seen", "source": "https://t.me/cibsecurity/36697", "content": "\u203c CVE-2021-36177 \u203c\n\nAn improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-02T14:28:23.000000Z"}, {"uuid": "8e61d462-0cbf-4de9-be6d-7f5a7aca82d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36173", "type": "seen", "source": "https://t.me/cibsecurity/33641", "content": "\u203c CVE-2021-36173 \u203c\n\nA heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-08T22:23:03.000000Z"}, {"uuid": "b4778c07-9907-4abe-b262-e4abc6a50bbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36178", "type": "seen", "source": "https://t.me/cibsecurity/30032", "content": "\u203c CVE-2021-36178 \u203c\n\nA insufficiently protected credentials in Fortinet FortiSDNConnector version 1.1.7 and below allows attacker to disclose third-party devices credential information via configuration page lookup.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-06T14:37:54.000000Z"}, {"uuid": "d999f3ee-3658-4eb7-86d4-ca04fe6ecd70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36170", "type": "seen", "source": "https://t.me/cibsecurity/30027", "content": "\u203c CVE-2021-36170 \u203c\n\nAn information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-06T14:31:48.000000Z"}, {"uuid": "257732ce-1e18-48ba-bb95-866dac88973b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36176", "type": "seen", "source": "https://t.me/cibsecurity/31621", "content": "\u203c CVE-2021-36176 \u203c\n\nMultiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-02T21:23:02.000000Z"}, {"uuid": "881cdda8-2730-4f7c-9b3c-c4381248534f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36172", "type": "seen", "source": "https://t.me/cibsecurity/31620", "content": "\u203c CVE-2021-36172 \u203c\n\nAn improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-02T21:22:57.000000Z"}, {"uuid": "da885f89-923f-4e4e-9fd0-90f1c494b18c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36175", "type": "seen", "source": "https://t.me/cibsecurity/30033", "content": "\u203c CVE-2021-36175 \u203c\n\nAn improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-06T14:37:55.000000Z"}, {"uuid": "4a2d0b26-1dae-4d8c-a2a1-2b94d6d8f5b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3617", "type": "seen", "source": "https://t.me/cibsecurity/27439", "content": "\u203c CVE-2021-3617 \u203c\n\nA vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020-68652.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-17T20:16:00.000000Z"}]}