var-202112-0357
Vulnerability from variot
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability. FortiProxy and FortiGate Exists in an inadequate validation of data reliability vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiProxy SSL VPN is the United States ( Fortinet ) company's application software. An intrusion detection function is provided
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0357", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.11" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.9" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.3" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.13" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.14" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.6" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.0" }, { "model": "fortios", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016005" }, { "db": "NVD", "id": "CVE-2021-26103" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.2.11", "versionStartIncluding": "1.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.0.3", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.6.14", "versionStartIncluding": "5.6.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.0.13", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.2.9", "versionStartIncluding": "6.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.4.6", "versionStartIncluding": "6.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-26103" } ] }, "cve": "CVE-2021-26103", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-26103", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "id": "VHN-385067", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@fortinet.com", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-26103", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-26103", "trust": 1.8, "value": "HIGH" }, { "author": "psirt@fortinet.com", "id": "CVE-2021-26103", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202112-530", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-385067", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-385067" }, { "db": "JVNDB", "id": "JVNDB-2021-016005" }, { "db": "NVD", "id": "CVE-2021-26103" }, { "db": "NVD", "id": "CVE-2021-26103" }, { "db": "CNNVD", "id": "CNNVD-202112-530" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability. FortiProxy and FortiGate Exists in an inadequate validation of data reliability vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiProxy SSL VPN is the United States ( Fortinet ) company\u0027s application software. An intrusion detection function is provided", "sources": [ { "db": "NVD", "id": "CVE-2021-26103" }, { "db": "JVNDB", "id": "JVNDB-2021-016005" }, { "db": "VULHUB", "id": "VHN-385067" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-26103", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-016005", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202112-530", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.4147", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021120716", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2022-19075", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-385067", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-385067" }, { "db": "JVNDB", "id": "JVNDB-2021-016005" }, { "db": "NVD", "id": "CVE-2021-26103" }, { "db": "CNNVD", "id": "CNNVD-202112-530" } ] }, "id": "VAR-202112-0357", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-385067" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:17:39.486000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-20-158", "trust": 0.8, "url": "https://www.fortiguard.com/psirt/fg-ir-20-158" }, { "title": "Fortinet FortiProxy SSL VPN Repair measures for data forgery problem vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=173980" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016005" }, { "db": "CNNVD", "id": "CNNVD-202112-530" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-345", "trust": 1.1 }, { "problemtype": "Inadequate verification of data reliability (CWE-345) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-385067" }, { "db": "JVNDB", "id": "JVNDB-2021-016005" }, { "db": "NVD", "id": "CVE-2021-26103" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://fortiguard.com/advisory/fg-ir-20-158" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26103" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4147" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021120716" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortios-cross-site-request-forgery-via-ssl-vpn-portal-37020" } ], "sources": [ { "db": "VULHUB", "id": "VHN-385067" }, { "db": "JVNDB", "id": "JVNDB-2021-016005" }, { "db": "NVD", "id": "CVE-2021-26103" }, { "db": "CNNVD", "id": "CNNVD-202112-530" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-385067" }, { "db": "JVNDB", "id": "JVNDB-2021-016005" }, { "db": "NVD", "id": "CVE-2021-26103" }, { "db": "CNNVD", "id": "CNNVD-202112-530" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-08T00:00:00", "db": "VULHUB", "id": "VHN-385067" }, { "date": "2022-12-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-016005" }, { "date": "2021-12-08T12:15:07.677000", "db": "NVD", "id": "CVE-2021-26103" }, { "date": "2021-12-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-530" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-09T00:00:00", "db": "VULHUB", "id": "VHN-385067" }, { "date": "2022-12-05T06:07:00", "db": "JVNDB", "id": "JVNDB-2021-016005" }, { "date": "2021-12-09T21:11:26.673000", "db": "NVD", "id": "CVE-2021-26103" }, { "date": "2021-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-530" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-530" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FortiProxy\u00a0 and \u00a0FortiGate\u00a0 Inadequate validation of data reliability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016005" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "data forgery", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-530" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.