CVE-2021-36180

Published Dec 8, 2021

Last updated 2 years ago

CVSS high 8.8

Overview

Description: Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.
Source: psirt@fortinet.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C2D4490-1DC9-4901-8408-079271C39D4B",
            "versionEndIncluding": "5.8.6",
            "versionStartIncluding": "5.8.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5931460-A0F1-4BED-ADEF-A48602EA747C",
            "versionEndIncluding": "6.0.7",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60265BD0-4C66-43FF-898B-9433B4D4B0F5",
            "versionEndIncluding": "6.2.5",
            "versionStartIncluding": "6.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F59449EE-C44E-4EE7-80DC-5194A9B5B4CD",
            "versionEndIncluding": "6.3.15",
            "versionStartIncluding": "6.3.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:5.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E06648CF-D92B-4A29-8600-FFFFC84AA435"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:5.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00331438-9892-4210-B85A-E88382018927"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:6.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96B929BB-7B7A-40D2-AB13-D4FDD41FD159"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:6.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A3C5370-3453-4F07-B551-7E36F815578C"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74A92A08-E6F6-4522-A6DA-061950AD3525"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6A3D2C4-C3FA-4E12-9156-DAFEA4E00BCC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References