Details of VAR-202205-0180

ID

VAR-202205-0180

CVE

CVE-2021-41020

TITLE

FortiIsolator Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-010452

DESCRIPTION

An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL. FortiIsolator Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2021-41020 // JVNDB: JVNDB-2022-010452 // VULHUB: VHN-402292 // VULMON: CVE-2021-41020

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiisolator	scope:	lt	version:	2.3.3	Trust: 1.0
vendor:	fortinet	model:	fortiisolator	scope:	gte	version:	2.3.0	Trust: 1.0
vendor:	フォーティネット	model:	fortiisolator	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiisolator	scope:	lte	version:	2.3.2 and earlier	Trust: 0.8

sources: JVNDB: JVNDB-2022-010452 // NVD: CVE-2021-41020

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-41020
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2021-41020
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-41020
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202205-2039
value:	HIGH
Trust: 0.6
VULHUB:	VHN-402292
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-41020
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-41020
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-402292
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-41020
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2022-010452
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-402292 // VULMON: CVE-2021-41020 // JVNDB: JVNDB-2022-010452 // CNNVD: CNNVD-202205-2039 // NVD: CVE-2021-41020 // NVD: CVE-2021-41020

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-863	Trust: 0.1

sources: VULHUB: VHN-402292 // JVNDB: JVNDB-2022-010452 // NVD: CVE-2021-41020

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-2039

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-2039

PATCH

title:	FG-IR-21-040	url:	https://www.fortiguard.com/psirt/FG-IR-21-040	Trust: 0.8
title:	Fortinet FortiIsolator Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=199821	Trust: 0.6

sources: JVNDB: JVNDB-2022-010452 // CNNVD: CNNVD-202205-2039

EXTERNAL IDS

db:	NVD	id:	CVE-2021-41020	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-010452	Trust: 0.8
db:	CS-HELP	id:	SB2022050322	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-2039	Trust: 0.6
db:	VULHUB	id:	VHN-402292	Trust: 0.1
db:	VULMON	id:	CVE-2021-41020	Trust: 0.1

sources: VULHUB: VHN-402292 // VULMON: CVE-2021-41020 // JVNDB: JVNDB-2022-010452 // CNNVD: CNNVD-202205-2039 // NVD: CVE-2021-41020

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-21-040	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41020	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-41020/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022050322	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/863.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-402292 // VULMON: CVE-2021-41020 // JVNDB: JVNDB-2022-010452 // CNNVD: CNNVD-202205-2039 // NVD: CVE-2021-41020

SOURCES

db:	VULHUB	id:	VHN-402292
db:	VULMON	id:	CVE-2021-41020
db:	JVNDB	id:	JVNDB-2022-010452
db:	CNNVD	id:	CNNVD-202205-2039
db:	NVD	id:	CVE-2021-41020

LAST UPDATE DATE

2024-11-23T23:10:54.184000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-402292	date:	2022-07-12T00:00:00
db:	VULMON	id:	CVE-2021-41020	date:	2022-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-010452	date:	2023-08-15T07:03:00
db:	CNNVD	id:	CNNVD-202205-2039	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-41020	date:	2024-11-21T06:25:16.773

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-402292	date:	2022-05-04T00:00:00
db:	VULMON	id:	CVE-2021-41020	date:	2022-05-04T00:00:00
db:	JVNDB	id:	JVNDB-2022-010452	date:	2023-08-15T00:00:00
db:	CNNVD	id:	CNNVD-202205-2039	date:	2022-05-03T00:00:00
db:	NVD	id:	CVE-2021-41020	date:	2022-05-04T16:15:08.100