var-202202-1709
Vulnerability from variot
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. Fortinet FortiWeb for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-1709", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortiweb", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortiweb", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.3.16" }, { "model": "fortiweb", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.2.7" }, { "model": "fortiweb", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortiweb", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.3.0" }, { "model": "fortiweb", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.4.2" }, { "model": "fortiweb", "scope": "lte", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.3.15 and earlier" }, { "model": "fortiweb", "scope": "lte", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.4.1 and earlier" }, { "model": "fortiweb", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-004519" }, { "db": "NVD", "id": "CVE-2021-41018" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.2.7", "versionStartIncluding": "6.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.3.16", "versionStartIncluding": "6.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.4.2", "versionStartIncluding": "6.4.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-41018" } ] }, "cve": "CVE-2021-41018", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2021-41018", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "VHN-402291", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2022-004519", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-41018", "trust": 1.8, "value": "HIGH" }, { "author": "psirt@fortinet.com", "id": "CVE-2021-41018", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202202-136", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-402291", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-402291" }, { "db": "JVNDB", "id": "JVNDB-2022-004519" }, { "db": "NVD", "id": "CVE-2021-41018" }, { "db": "NVD", "id": "CVE-2021-41018" }, { "db": "CNNVD", "id": "CNNVD-202202-136" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. Fortinet FortiWeb for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content", "sources": [ { "db": "NVD", "id": "CVE-2021-41018" }, { "db": "JVNDB", "id": "JVNDB-2022-004519" }, { "db": "VULHUB", "id": "VHN-402291" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-41018", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2022-004519", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202202-136", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2022-09244", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-402291", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-402291" }, { "db": "JVNDB", "id": "JVNDB-2022-004519" }, { "db": "NVD", "id": "CVE-2021-41018" }, { "db": "CNNVD", "id": "CNNVD-202202-136" } ] }, "id": "VAR-202202-1709", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-402291" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:42:13.923000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-21-166", "trust": 0.8, "url": "https://www.fortiguard.com/psirt/fg-ir-21-166" }, { "title": "Fortinet FortiWeb Fixes for operating system command injection vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=181532" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-004519" }, { "db": "CNNVD", "id": "CNNVD-202202-136" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-78", "trust": 1.1 }, { "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-402291" }, { "db": "JVNDB", "id": "JVNDB-2022-004519" }, { "db": "NVD", "id": "CVE-2021-41018" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://fortiguard.com/advisory/fg-ir-21-166" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41018" } ], "sources": [ { "db": "VULHUB", "id": "VHN-402291" }, { "db": "JVNDB", "id": "JVNDB-2022-004519" }, { "db": "NVD", "id": "CVE-2021-41018" }, { "db": "CNNVD", "id": "CNNVD-202202-136" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-402291" }, { "db": "JVNDB", "id": "JVNDB-2022-004519" }, { "db": "NVD", "id": "CVE-2021-41018" }, { "db": "CNNVD", "id": "CNNVD-202202-136" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-02T00:00:00", "db": "VULHUB", "id": "VHN-402291" }, { "date": "2023-04-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-004519" }, { "date": "2022-02-02T12:15:08.197000", "db": "NVD", "id": "CVE-2021-41018" }, { "date": "2022-02-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-136" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-04T00:00:00", "db": "VULHUB", "id": "VHN-402291" }, { "date": "2023-04-14T08:28:00", "db": "JVNDB", "id": "JVNDB-2022-004519" }, { "date": "2022-02-04T21:41:50.393000", "db": "NVD", "id": "CVE-2021-41018" }, { "date": "2022-02-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-136" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-136" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fortinet\u00a0FortiWeb\u00a0 In \u00a0OS\u00a0 Command injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-004519" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "operating system commend injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-136" } ], "trust": 0.6 } }
Loading...