VAR-202108-0364
Vulnerability from variot - Updated: 2023-12-18 11:51
An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bring the device into an unresponsive state via specifically-crafted long request parameters. FortiSandbox and FortiAuthenticator are vulnerable to resource exhaustion and may be put into a denial-of-service (DoS) state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Both Fortinet FortiSandbox and Fortinet FortiAuthenticator are products of Fortinet. Fortinet FortiSandbox is an APT (advanced persistent threat) protection device. The appliance offers features such as dual sandboxing technology, a dynamic threat intelligence system, and a real-time dashboard and reporting. Fortinet FortiAuthenticator is a centralized user identity management solution.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-0364",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortisandbox",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "3.2.0"
},
{
"model": "fortiauthenticator",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.0"
},
{
"model": "fortisandbox",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "3.0.7"
},
{
"model": "fortisandbox",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "3.1.5"
},
{
"model": "fortiauthenticator",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.6"
},
{
"model": "fortiauthenticator",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "4.0.0"
},
{
"model": "fortiauthenticator",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.0.0"
},
{
"model": "fortiauthenticator",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "4.3.4"
},
{
"model": "fortisandbox",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "3.2.2"
},
{
"model": "fortiauthenticator",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.5.0"
},
{
"model": "fortisandbox",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "3.1.0"
},
{
"model": "fortisandbox",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "3.0.0"
},
{
"model": "fortisandbox",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "3.2.0 to 3.2.2"
},
{
"model": "fortiauthenticator",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortisandbox",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "3.1.0 to 3.1.4"
},
{
"model": "fortisandbox",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "3.0.0 to 3.0.6"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009740"
},
{
"db": "NVD",
"id": "CVE-2021-22124"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.3.4",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.5.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.0.6",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.7",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.1.5",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.2",
"versionStartIncluding": "3.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22124"
}
]
},
"cve": "CVE-2021-22124",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-22124",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-380533",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-22124",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-22124",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2021-22124",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-344",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-380533",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-22124",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380533"
},
{
"db": "VULMON",
"id": "CVE-2021-22124"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009740"
},
{
"db": "NVD",
"id": "CVE-2021-22124"
},
{
"db": "NVD",
"id": "CVE-2021-22124"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-344"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bring the device into an unresponsive state via specifically-crafted long request parameters. FortiSandbox and FortiAuthenticator Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Both Fortinet FortiSandbox and Fortinet FortiAuthenticator are products of Fortinet. Fortinet FortiSandbox is an APT (advanced persistent threat) protection device. The appliance offers features such as dual sandboxing technology, dynamic threat intelligence system, real-time dashboard and reporting. Fortinet FortiAuthenticator is a centralized user identity management solution",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22124"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009740"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-380533"
},
{
"db": "VULMON",
"id": "CVE-2021-22124"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22124",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009740",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202108-344",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021080316",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2618",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-380533",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-22124",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380533"
},
{
"db": "VULMON",
"id": "CVE-2021-22124"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009740"
},
{
"db": "NVD",
"id": "CVE-2021-22124"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-344"
}
]
},
"id": "VAR-202108-0364",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-380533"
}
],
"trust": 0.47698412
},
"last_update_date": "2023-12-18T11:51:11.248000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-20-170",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/fg-ir-20-170"
},
{
"title": "Fortinet FortiSandbox and Fortinet FortiAuthenticator Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=159851"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009740"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-344"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380533"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009740"
},
{
"db": "NVD",
"id": "CVE-2021-22124"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/advisory/fg-ir-20-170"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22124"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021080316"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2618"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380533"
},
{
"db": "VULMON",
"id": "CVE-2021-22124"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009740"
},
{
"db": "NVD",
"id": "CVE-2021-22124"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-344"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-380533"
},
{
"db": "VULMON",
"id": "CVE-2021-22124"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009740"
},
{
"db": "NVD",
"id": "CVE-2021-22124"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-344"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-380533"
},
{
"date": "2021-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22124"
},
{
"date": "2022-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-009740"
},
{
"date": "2021-08-04T19:15:08.313000",
"db": "NVD",
"id": "CVE-2021-22124"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-344"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-380533"
},
{
"date": "2021-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22124"
},
{
"date": "2022-05-18T05:43:00",
"db": "JVNDB",
"id": "JVNDB-2021-009740"
},
{
"date": "2021-08-12T13:39:09.087000",
"db": "NVD",
"id": "CVE-2021-22124"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-344"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-344"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiSandbox\u00a0 and \u00a0FortiAuthenticator\u00a0 Resource Depletion Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009740"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.