
Rewterz Threat Advisory – Multiple Fortinet Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-43067 

Fortinet FortiAuthenticator could allow a remote authenticated attacker to bypass security restrictions, caused by an information exposure flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to duplicate a target LDAP user's two-factor authentication token.

CVE-2021-43064 

Fortinet FortiWeb could allow a remote authenticated attacker to conduct phishing attacks, caused by an open redirect vulnerability in the redirection handlers. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.

CVE-2021-43063 

Fortinet FortiWeb is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the login webpage. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2021-42760 

Fortinet FortiWLM is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the alarm and device handlers, which could allow the attacker to view, add, modify or delete information in the back-end database.

CVE-2021-42758 

Fortinet FortiWLC could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper access control. By sending a specially-crafted request to bypass the GUI restrictions, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2021-42757 

Fortinet FortiOS is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the TFTP client library. By sending specially-crafted command-line arguments, a locally authenticated attacker could overflow a buffer and execute arbitrary code on the system.

CVE-2021-42752 

Fortinet FortiWLM is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Impact

  • Security Bypass
  • Cross-Site Scripting
  • Data Manipulation
  • Command Execution

Affected Vendors

Fortinet

Affected Products

  • Fortinet FortiAuthenticator 6.0.1
  • Fortinet FortiAuthenticator 6.0.7
  • Fortinet FortiAuthenticator 6.1.2
  • Fortinet FortiAuthenticator 6.2.1
  • Fortinet FortiAuthenticator 6.3.2
  • Fortinet FortiAuthenticator 6.4.0
  • Fortinet FortiWeb 6.3.15
  • Fortinet FortiWeb 6.4.1
  • Fortinet FortiWLM 8.6.1
  • Fortinet FortiWLC 8.0
  • Fortinet FortiWLC 8.2
  • Fortinet FortiWLC 8.3.0
  • Fortinet FortiWLC 8.1.0
  • Fortinet FortiWLC 8.4.0
  • Fortinet FortiWLC 8.5.0
  • Fortinet FortiWLC 8.6.0
  • Fortinet FortiWLC 8.6.1
  • Fortinet FortiOS 6.2.9
  • Fortinet FortiOS 6.0.13
  • Fortinet FortiOS 6.4.7
  • Fortinet FortiOS 7.0.2

Remediation

Refer to the FortiGuard advisory for each CVE for patch, upgrade or suggested workaround information.

CVE-2021-43067 

https://www.fortiguard.com/psirt/FG-IR-21-211

CVE-2021-43064 

https://www.fortiguard.com/psirt/FG-IR-21-168

CVE-2021-43063 

https://www.fortiguard.com/psirt/FG-IR-21-122

CVE-2021-42760 

https://www.fortiguard.com/psirt/FG-IR-21-129

CVE-2021-42758 

https://www.fortiguard.com/psirt/FG-IR-21-200

CVE-2021-42757 

https://www.fortiguard.com/psirt/FG-IR-21-173

CVE-2021-42752 

https://fortiguard.com/advisory/FG-IR-21-111

CVE-2021-36186

https://www.fortiguard.com/psirt/FG-IR-21-119

CVE-2021-36185

https://www.fortiguard.com/psirt/FG-IR-21-110

CVE-2021-36184

https://www.fortiguard.com/psirt/FG-IR-21-107