Details of VAR-202110-1729

ID

VAR-202110-1729

CVE

CVE-2021-26105

TITLE

fortinet's FortiSandbox security check vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2021-021879

DESCRIPTION

A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests. fortinet's FortiSandbox contains vulnerabilities related to security checks and out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2021-26105 // JVNDB: JVNDB-2021-021879

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortisandbox	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	lt	version:	3.2.3	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	lte	version:	3.1.4	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	3.1.0	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	3.2.0	Trust: 1.0
vendor:	フォーティネット	model:	fortisandbox	scope:	eq	version:	4.0.0	Trust: 0.8
vendor:	フォーティネット	model:	fortisandbox	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortisandbox	scope:	eq	version:	3.2.0 that's all 3.2.3	Trust: 0.8
vendor:	フォーティネット	model:	fortisandbox	scope:	eq	version:	3.1.0 to 3.1.4	Trust: 0.8

sources: JVNDB: JVNDB-2021-021879 // NVD: CVE-2021-26105

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com:	CVE-2021-26105
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2021-26105
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-26105
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202110-223
value:	HIGH
Trust: 0.6

psirt@fortinet.com:	CVE-2021-26105
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.2
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2021-26105
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-26105
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-021879 // CNNVD: CNNVD-202110-223 // NVD: CVE-2021-26105 // NVD: CVE-2021-26105

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-358	Trust: 1.0
problemtype:	Improperly implemented security checks (CWE-358) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-021879 // NVD: CVE-2021-26105

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-223

PATCH

title:	FG-IR-20-234	url:	https://fortiguard.fortinet.com/psirt/FG-IR-20-234	Trust: 0.8
title:	Fortinet FortiSandbox Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164906	Trust: 0.6

sources: JVNDB: JVNDB-2021-021879 // CNNVD: CNNVD-202110-223

EXTERNAL IDS

db:	NVD	id:	CVE-2021-26105	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-021879	Trust: 0.8
db:	CS-HELP	id:	SB2021100516	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3291	Trust: 0.6
db:	CNNVD	id:	CNNVD-202110-223	Trust: 0.6

sources: JVNDB: JVNDB-2021-021879 // CNNVD: CNNVD-202110-223 // NVD: CVE-2021-26105

REFERENCES

url:	https://fortiguard.fortinet.com/psirt/fg-ir-20-234	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2021-26105	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021100516	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3291	Trust: 0.6

sources: JVNDB: JVNDB-2021-021879 // CNNVD: CNNVD-202110-223 // NVD: CVE-2021-26105

SOURCES

db:	JVNDB	id:	JVNDB-2021-021879
db:	CNNVD	id:	CNNVD-202110-223
db:	NVD	id:	CVE-2021-26105

LAST UPDATE DATE

2025-08-01T23:19:35.385000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-021879	date:	2025-07-29T07:59:00
db:	CNNVD	id:	CNNVD-202110-223	date:	2021-10-09T00:00:00
db:	NVD	id:	CVE-2021-26105	date:	2025-07-24T19:18:02.290

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-021879	date:	2025-07-29T00:00:00
db:	CNNVD	id:	CNNVD-202110-223	date:	2021-10-05T00:00:00
db:	NVD	id:	CVE-2021-26105	date:	2025-03-24T16:15:16.610