cvelistv5 - cve-2021-41022

CVE-2021-41022 (GCVE-0-2021-41022)

Vulnerability from cvelistv5 – Published: 2021-11-02 18:23 – Updated: 2024-10-25 13:46

Summary

A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C

CWE

Execute unauthorized code or commands

Assigner

fortinet

References

URL

Tags

https://fortiguard.com/advisory/FG-IR-21-176

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Fortinet	Fortinet FortiSIEMWindowsAgent	Affected: FortiSIEMWindowsAgent 4.1.4, 4.1.3, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.3.0, 3.2.2, 3.2.1, 3.2.0, 3.1.2, 3.1.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:59:30.336Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-21-176"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-41022",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:13:24.050265Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:46:06.528Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiSIEMWindowsAgent",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiSIEMWindowsAgent 4.1.4, 4.1.3, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.3.0, 3.2.2, 3.2.1, 3.2.0, 3.1.2, 3.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-02T18:23:56",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-21-176"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2021-41022",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiSIEMWindowsAgent",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiSIEMWindowsAgent 4.1.4, 4.1.3, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.3.0, 3.2.2, 3.2.1, 3.2.0, 3.1.2, 3.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-21-176",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-21-176"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-41022",
    "datePublished": "2021-11-02T18:23:56",
    "dateReserved": "2021-09-13T00:00:00",
    "dateUpdated": "2024-10-25T13:46:06.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.1.0\", \"versionEndIncluding\": \"4.1.4\", \"matchCriteriaId\": \"B052CC93-F0C7-4094-B859-42DF247C9521\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts\"}, {\"lang\": \"es\", \"value\": \"Una administraci\\u00f3n inapropiada de privilegios en Fortinet FortiSIEM Windows Agent versi\\u00f3n 4.1.4 y por debajo, permite a un atacante ejecutar c\\u00f3digo o comandos privilegiados por medio de scripts powershell\"}]",
      "id": "CVE-2021-41022",
      "lastModified": "2024-11-21T06:25:17.117",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@fortinet.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-11-02T19:15:08.073",
      "references": "[{\"url\": \"https://fortiguard.com/advisory/FG-IR-21-176\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-21-176\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@fortinet.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-41022\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2021-11-02T19:15:08.073\",\"lastModified\":\"2024-11-21T06:25:17.117\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts\"},{\"lang\":\"es\",\"value\":\"Una administraci\u00f3n inapropiada de privilegios en Fortinet FortiSIEM Windows Agent versi\u00f3n 4.1.4 y por debajo, permite a un atacante ejecutar c\u00f3digo o comandos privilegiados por medio de scripts powershell\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.0\",\"versionEndIncluding\":\"4.1.4\",\"matchCriteriaId\":\"B052CC93-F0C7-4094-B859-42DF247C9521\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/advisory/FG-IR-21-176\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://fortiguard.com/advisory/FG-IR-21-176\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://fortiguard.com/advisory/FG-IR-21-176\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T02:59:30.336Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-41022\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-23T14:13:24.050265Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-23T14:17:08.117Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C\", \"temporalScore\": 7.5, \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"remediationLevel\": \"OFFICIAL_FIX\", \"reportConfidence\": \"CONFIRMED\", \"temporalSeverity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"exploitCodeMaturity\": \"NOT_DEFINED\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Fortinet\", \"product\": \"Fortinet FortiSIEMWindowsAgent\", \"versions\": [{\"status\": \"affected\", \"version\": \"FortiSIEMWindowsAgent 4.1.4, 4.1.3, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.3.0, 3.2.2, 3.2.1, 3.2.0, 3.1.2, 3.1.0\"}]}], \"references\": [{\"url\": \"https://fortiguard.com/advisory/FG-IR-21-176\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Execute unauthorized code or commands\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2021-11-02T18:23:56\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"scope\": \"Unchanged\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"Local\", \"baseSeverity\": \"High\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C\", \"integrityImpact\": \"High\", \"userInteraction\": \"None\", \"attackComplexity\": \"Low\", \"availabilityImpact\": \"High\", \"privilegesRequired\": \"Low\", \"confidentialityImpact\": \"High\"}}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"FortiSIEMWindowsAgent 4.1.4, 4.1.3, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.3.0, 3.2.2, 3.2.1, 3.2.0, 3.1.2, 3.1.0\"}]}, \"product_name\": \"Fortinet FortiSIEMWindowsAgent\"}]}, \"vendor_name\": \"Fortinet\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://fortiguard.com/advisory/FG-IR-21-176\", \"name\": \"https://fortiguard.com/advisory/FG-IR-21-176\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Execute unauthorized code or commands\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-41022\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@fortinet.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-41022\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-25T13:46:06.528Z\", \"dateReserved\": \"2021-09-13T00:00:00\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2021-11-02T18:23:56\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2021-AVI-907

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Fortinet FortiSIEM. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Fortinet	FortiSIEM	FortiSIEM Windows Agent versions antérieures à 4.1.5

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-21-176 du 02 novembre 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiSIEM Windows Agent versions ant\u00e9rieures \u00e0 4.1.5",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-41022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41022"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-907",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-11-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet FortiSIEM. Elle permet\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Fortinet FortiSIEM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-176 du 02 novembre 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-176"
    }
  ]
}

CERTFR-2021-AVI-907

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Fortinet FortiSIEM. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Fortinet	FortiSIEM	FortiSIEM Windows Agent versions antérieures à 4.1.5

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-21-176 du 02 novembre 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiSIEM Windows Agent versions ant\u00e9rieures \u00e0 4.1.5",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-41022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41022"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-907",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-11-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet FortiSIEM. Elle permet\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Fortinet FortiSIEM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-176 du 02 novembre 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-176"
    }
  ]
}

GSD-2021-41022

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts

Aliases

CVE-2021-41022

Aliases

CVE-2021-41022

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-41022",
    "description": "A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts",
    "id": "GSD-2021-41022"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-41022"
      ],
      "details": "A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts",
      "id": "GSD-2021-41022",
      "modified": "2023-12-13T01:23:27.068547Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@fortinet.com",
        "ID": "CVE-2021-41022",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Fortinet FortiSIEMWindowsAgent",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "FortiSIEMWindowsAgent 4.1.4, 4.1.3, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.3.0, 3.2.2, 3.2.1, 3.2.0, 3.1.2, 3.1.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fortinet"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts"
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "Low",
          "attackVector": "Local",
          "availabilityImpact": "High",
          "baseScore": 7.5,
          "baseSeverity": "High",
          "confidentialityImpact": "High",
          "integrityImpact": "High",
          "privilegesRequired": "Low",
          "scope": "Unchanged",
          "userInteraction": "None",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Execute unauthorized code or commands"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://fortiguard.com/advisory/FG-IR-21-176",
            "refsource": "CONFIRM",
            "url": "https://fortiguard.com/advisory/FG-IR-21-176"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.1.4",
                    "versionStartIncluding": "3.1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2021-41022"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-269"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-21-176",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-21-176"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-11-04T14:32Z",
      "publishedDate": "2021-11-02T19:15Z"
    }
  }
}

CNVD-2021-84247

Vulnerability from cnvd - Published: 2021-11-05

Title

Fortinet FortiSIEM Windows Agent命令执行漏洞

Description

Fortinet FortiSIEM Windows Agent是美国飞塔（Fortinet）公司的一款用于从Windows服务器上收集日志和其他行为的代理程序。 Fortinet FortiSIEM Windows Agent 4.1.4 及以下版本存在安全漏洞，攻击者可利用该漏洞通过powershell脚本执行特权代码或命令。

Severity

中

Patch Name

Fortinet FortiSIEM Windows Agent命令执行漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://fortiguard.com/advisory/FG-IR-21-176

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-41022

Impacted products

Name
Fortinet FortiSIEM Windows Agent <=4.1.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-41022"
    }
  },
  "description": "Fortinet FortiSIEM Windows Agent\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u4eceWindows\u670d\u52a1\u5668\u4e0a\u6536\u96c6\u65e5\u5fd7\u548c\u5176\u4ed6\u884c\u4e3a\u7684\u4ee3\u7406\u7a0b\u5e8f\u3002\n\nFortinet FortiSIEM Windows Agent 4.1.4 \u53ca\u4ee5\u4e0b\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7powershell\u811a\u672c\u6267\u884c\u7279\u6743\u4ee3\u7801\u6216\u547d\u4ee4\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://fortiguard.com/advisory/FG-IR-21-176",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-84247",
  "openTime": "2021-11-05",
  "patchDescription": "Fortinet FortiSIEM Windows Agent\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u4eceWindows\u670d\u52a1\u5668\u4e0a\u6536\u96c6\u65e5\u5fd7\u548c\u5176\u4ed6\u884c\u4e3a\u7684\u4ee3\u7406\u7a0b\u5e8f\u3002\r\n\r\nFortinet FortiSIEM Windows Agent 4.1.4 \u53ca\u4ee5\u4e0b\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7powershell\u811a\u672c\u6267\u884c\u7279\u6743\u4ee3\u7801\u6216\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fortinet FortiSIEM Windows Agent\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Fortinet FortiSIEM Windows Agent \u003c=4.1.4"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-41022",
  "serverity": "\u4e2d",
  "submitTime": "2021-11-04",
  "title": "Fortinet FortiSIEM Windows Agent\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}

CNVD-2021-84260

Vulnerability from cnvd - Published: 2021-11-05

Title

Fortinet FortiSIEM Windows Agent存在未明漏洞

Description

Fortinet FortiSIEM Windows Agent是美国飞塔（Fortinet）公司的一款用于从Windows服务器上收集日志和其他行为的代理程序。 Fortinet FortiSIEM Windows Agent4.1.4及以下版本存在安全漏洞，攻击者可利用该漏洞通过powershell脚本执行特权代码或命令。

Severity

中

Patch Name

Fortinet FortiSIEM Windows Agent存在未明漏洞的补丁

Patch Description

Fortinet FortiSIEM Windows Agent是美国飞塔（Fortinet）公司的一款用于从Windows服务器上收集日志和其他行为的代理程序。 Fortinet FortiSIEM Windows Agent4.1.4及以下版本存在安全漏洞，攻击者可利用该漏洞通过powershell脚本执行特权代码或命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://fortiguard.com/advisory/FG-IR-21-176

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-41022

Impacted products

Name
Fortinet FortiSIEM Windows Agent <=4.1.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-41022"
    }
  },
  "description": "Fortinet FortiSIEM Windows Agent\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u4eceWindows\u670d\u52a1\u5668\u4e0a\u6536\u96c6\u65e5\u5fd7\u548c\u5176\u4ed6\u884c\u4e3a\u7684\u4ee3\u7406\u7a0b\u5e8f\u3002\n\nFortinet FortiSIEM Windows Agent4.1.4\u53ca\u4ee5\u4e0b\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7powershell\u811a\u672c\u6267\u884c\u7279\u6743\u4ee3\u7801\u6216\u547d\u4ee4\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://fortiguard.com/advisory/FG-IR-21-176",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-84260",
  "openTime": "2021-11-05",
  "patchDescription": "Fortinet FortiSIEM Windows Agent\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u4eceWindows\u670d\u52a1\u5668\u4e0a\u6536\u96c6\u65e5\u5fd7\u548c\u5176\u4ed6\u884c\u4e3a\u7684\u4ee3\u7406\u7a0b\u5e8f\u3002\r\n\r\nFortinet FortiSIEM Windows Agent4.1.4\u53ca\u4ee5\u4e0b\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7powershell\u811a\u672c\u6267\u884c\u7279\u6743\u4ee3\u7801\u6216\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fortinet FortiSIEM Windows Agent\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Fortinet FortiSIEM Windows Agent \u003c=4.1.4"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-41022",
  "serverity": "\u4e2d",
  "submitTime": "2021-11-03",
  "title": "Fortinet FortiSIEM Windows Agent\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

FKIE_CVE-2021-41022

Vulnerability from fkie_nvd - Published: 2021-11-02 19:15 - Updated: 2024-11-21 06:25

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts

References

	URL	Tags
	psirt@fortinet.com	https://fortiguard.com/advisory/FG-IR-21-176	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/advisory/FG-IR-21-176	Vendor Advisory

Impacted products

	Vendor	Product	Version
	fortinet	fortisiem	*
	microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B052CC93-F0C7-4094-B859-42DF247C9521",
              "versionEndIncluding": "4.1.4",
              "versionStartIncluding": "3.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts"
    },
    {
      "lang": "es",
      "value": "Una administraci\u00f3n inapropiada de privilegios en Fortinet FortiSIEM Windows Agent versi\u00f3n 4.1.4 y por debajo, permite a un atacante ejecutar c\u00f3digo o comandos privilegiados por medio de scripts powershell"
    }
  ],
  "id": "CVE-2021-41022",
  "lastModified": "2024-11-21T06:25:17.117",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-11-02T19:15:08.073",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-21-176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-21-176"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-6V99-V9QX-M2MR

Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19

Details

A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-41022"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-02T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts",
  "id": "GHSA-6v99-v9qx-m2mr",
  "modified": "2022-05-24T19:19:25Z",
  "published": "2022-05-24T19:19:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41022"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/advisory/FG-IR-21-176"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-41022 (GCVE-0-2021-41022)

CERTFR-2021-AVI-907

Solution

CERTFR-2021-AVI-907

Solution

GSD-2021-41022

CNVD-2021-84247

CNVD-2021-84260

FKIE_CVE-2021-41022

GHSA-6V99-V9QX-M2MR

Tags

Sightings

Nomenclature