Lucene search

[email protected]NVD:CVE-2021-36195

HistoryDec 08, 2021 - 7:15 p.m.

CVE-2021-36195

2021-12-0819:15:09

CWE-78

[email protected]

web.nvd.nist.gov

command injection

fortiweb

vulnerabilities

authentication

arbitrary commands

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

49.3%

JSON

Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments.

Affected configurations

Nvd

Node

fortinetfortiwebRange6.2.0–6.2.5

fortinetfortiwebRange6.3.0–6.3.15

fortinetfortiwebMatch6.1.0

fortinetfortiwebMatch6.1.1

fortinetfortiwebMatch6.1.2

fortinetfortiwebMatch6.4.0

fortinetfortiwebMatch6.4.1

References

fortiguard.com/advisory/FG-IR-21-157

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

49.3%

JSON

Related for NVD:CVE-2021-36195

cve1 fortinet1 cvelist1 cnvd1 prion1 threatpost1