CVE-2021-36180 - OpenCVE

Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Fortinet	Fortiweb

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortiweb::::::::
	cpe:2.3:a:fortinet:fortiweb::::::::
	cpe:2.3:a:fortinet:fortiweb::::::::
	cpe:2.3:a:fortinet:fortiweb::::::::
	cpe:2.3:a:fortinet:fortiweb:5.9.0:::::::*
	cpe:2.3:a:fortinet:fortiweb:5.9.1:::::::*
	cpe:2.3:a:fortinet:fortiweb:6.1.0:::::::*
	cpe:2.3:a:fortinet:fortiweb:6.1.1:::::::*
	cpe:2.3:a:fortinet:fortiweb:6.4.0:::::::*
	cpe:2.3:a:fortinet:fortiweb:6.4.1:::::::*

References

Link	Resource
https://fortiguard.com/advisory/FG-IR-21-120	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: fortinet

Published: 2021-12-08T10:46:45

Updated: 2021-12-08T10:46:45

Reserved: 2021-07-06T00:00:00

Link: CVE-2021-36180

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-12-08T11:15:11.793

Modified: 2022-07-12T17:42:04.277

Link: CVE-2021-36180

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"containers": {"cna": {"affected": [{"product": "Fortinet FortiWeb", "vendor": "Fortinet", "versions": [{"status": "affected", "version": "FortiWeb 6.4.1 and below, 6.3.15 and below, 6.2.5 and below"}]}], "descriptions": [{"lang": "en", "value": "Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitCodeMaturity": "FUNCTIONAL", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "UNAVAILABLE", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.9, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:U/RC:C", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Execute unauthorized code or commands", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-08T10:46:45", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://fortiguard.com/advisory/FG-IR-21-120"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2021-36180", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fortinet FortiWeb", "version": {"version_data": [{"version_value": "FortiWeb 6.4.1 and below, 6.3.15 and below, 6.2.5 and below"}]}}]}, "vendor_name": "Fortinet"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests."}]}, "impact": {"cvss": {"attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "High", "baseScore": 7.9, "baseSeverity": "High", "confidentialityImpact": "None", "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:U/RC:C", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Execute unauthorized code or commands"}]}]}, "references": {"reference_data": [{"name": "https://fortiguard.com/advisory/FG-IR-21-120", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-21-120"}]}}}}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2021-36180", "datePublished": "2021-12-08T10:46:45", "dateReserved": "2021-07-06T00:00:00", "dateUpdated": "2021-12-08T10:46:45", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C2D4490-1DC9-4901-8408-079271C39D4B", "versionEndIncluding": "5.8.6", "versionStartIncluding": "5.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5931460-A0F1-4BED-ADEF-A48602EA747C", "versionEndIncluding": "6.0.7", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "matchCriteriaId": "60265BD0-4C66-43FF-898B-9433B4D4B0F5", "versionEndIncluding": "6.2.5", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "matchCriteriaId": "F59449EE-C44E-4EE7-80DC-5194A9B5B4CD", "versionEndIncluding": "6.3.15", "versionStartIncluding": "6.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:5.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "E06648CF-D92B-4A29-8600-FFFFC84AA435", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:5.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "00331438-9892-4210-B85A-E88382018927", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "96B929BB-7B7A-40D2-AB13-D4FDD41FD159", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A3C5370-3453-4F07-B551-7E36F815578C", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "74A92A08-E6F6-4522-A6DA-061950AD3525", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A6A3D2C4-C3FA-4E12-9156-DAFEA4E00BCC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de neutralizaci\u00f3n inapropiada de elementos especiales usados en un comando [CWE-77] en la interfaz de administraci\u00f3n de FortiWeb 6.4.1 y anteriores, 6.3.15 y anteriores, 6.2.5 y anteriores pueden permitir a un atacante autenticado ejecutar c\u00f3digo o comandos no autorizados por medio de par\u00e1metros dise\u00f1ados de peticiones HTTP"}], "id": "CVE-2021-36180", "lastModified": "2022-07-12T17:42:04.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2021-12-08T11:15:11.793", "references": [{"source": "psirt@fortinet.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://fortiguard.com/advisory/FG-IR-21-120"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}