CVE-2021-26104

Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://fortiguard.com/advisory/FG-IR-21-037	Vendor Advisory
https://github.com/orangecertcc/security-research/security/advisories/GHSA-f73m-fvj3-m2pm	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:fortianalyzer::::::::
	cpe:2.3:a:fortinet:fortianalyzer::::::::
	cpe:2.3:a:fortinet:fortianalyzer::::::::
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortiportal::::::::
	cpe:2.3:a:fortinet:fortiportal::::::::
	cpe:2.3:a:fortinet:fortiportal::::::::

History

No history.

Information

Published : 2022-04-06 16:15

Updated : 2024-02-28 19:09

NVD link : CVE-2021-26104

Mitre link : CVE-2021-26104

CVE.ORG link : CVE-2021-26104

JSON object : View

Products Affected

fortinet

fortimanager
fortiportal
fortianalyzer

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2021-26104", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-04-06T16:15:07.863", "references": [{"url": "https://fortiguard.com/advisory/FG-IR-21-037", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}, {"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f73m-fvj3-m2pm", "tags": ["Exploit", "Third Party Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos en el Sistema Operativo (CWE-78) en la interfaz de l\u00ednea de comandos de FortiManager versiones 6.2.7 y anteriores, 6.4.5 y anteriores y todas las versiones de 6.2.x, 6.0.x y 5.6.x, FortiAnalyzer versiones 6.2.7 y anteriores, 6.4.5 y anteriores y todas las versiones de 6. 2.x, 6.0.x y 5.6.x, y FortiPortal versiones 5.2.5 y anteriores, 5.3.5 y anteriores y 6.0.4 y anteriores, pueden permitir a un usuario local autenticado no privilegiado ejecutar comandos shell arbitrarios como root por medio de par\u00e1metros de comando CLI espec\u00edficamente dise\u00f1ados"}], "lastModified": "2022-07-28T18:00:26.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66857473-23A9-411F-958E-455E2D156746", "versionEndExcluding": "6.0.11", "versionStartIncluding": "5.6.0"}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0F1A4F4-3123-4032-A82A-A4E1E2DFD2EF", "versionEndExcluding": "6.2.8", "versionStartIncluding": "6.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23A36459-01FE-4ABC-8C5B-783408B43E22", "versionEndExcluding": "6.4.6", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EAA4A2B-B03F-4842-B87C-FEFDF648C7A7", "versionEndExcluding": "6.0.11", "versionStartIncluding": "5.6.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4A894BD-7AB4-4F10-819A-4DE3F9C961CC", "versionEndExcluding": "6.2.8", "versionStartIncluding": "6.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3FC7F19-2794-4E8E-A93A-4031D94D2A7F", "versionEndExcluding": "6.4.6", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C05F7D12-B00B-4B09-8B86-4464E3E5127B", "versionEndExcluding": "5.2.6"}, {"criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97B4F8A2-CD69-436F-9080-323AE2ACFDA8", "versionEndExcluding": "5.3.6", "versionStartIncluding": "5.3.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53B6FCC7-F713-42FC-B666-7169DC7A2BEA", "versionEndExcluding": "6.0.5", "versionStartIncluding": "6.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}