
Rewterz Threat Advisory – Multiple Fortinet Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-43075

Fortinet FortiWLM could allow a remote authenticated attacker to execute arbitrary commands on the system. The flaw lies in the alarm dashboard and controller config handlers: a specially-crafted HTTP request to either handler is sufficient for an authenticated attacker to run commands on the underlying system.

CVE-2021-43070

Fortinet FortiWLM could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to the management interface containing “dot dot” sequences (/../) to retrieve arbitrary files from the underlying filesystem.
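The following is an added example for defenders, not code from the advisory or from Fortinet. It shows the two sides of the traversal class described above: a log-review routine that flags requests to a management interface whose path or query carries a "dot dot" segment, including percent-encoded and doubly-encoded forms, and the server-side containment check that prevents such a request from resolving outside the intended directory. The `/mgmt/` prefix, the log lines and the `/srv/www` root are constructed placeholders and are not FortiWLM paths.

```python
import os
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format style). The /mgmt/
# prefix stands in for a management interface; it is not a FortiWLM path.
SAMPLE_LOG = """\
10.0.0.5 - admin [04/Mar/2022:10:01:02 +0000] "GET /mgmt/dashboard HTTP/1.1" 200 512
10.0.0.9 - admin [04/Mar/2022:10:01:07 +0000] "GET /mgmt/files?name=../../../../etc/passwd HTTP/1.1" 200 1842
10.0.0.9 - admin [04/Mar/2022:10:01:09 +0000] "GET /mgmt/files?name=..%2f..%2f..%2fetc%2fshadow HTTP/1.1" 403 0
10.0.0.7 - guest [04/Mar/2022:10:02:15 +0000] "GET /static/img/logo.png HTTP/1.1" 200 4096
10.0.0.9 - admin [04/Mar/2022:10:02:40 +0000] "GET /mgmt/files?name=%2e%2e/%2e%2e/etc/hosts HTTP/1.1" 200 220
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded sequences such as
    %252f are seen as the '/' they become after the server decodes twice."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(request_target):
    """True if any path or query-value segment of the decoded target is '..'.
    Splitting into segments avoids false positives on names like 'a...pdf'."""
    decoded = decode_fully(request_target)
    segments = re.split(r"[/\\?=&]", decoded)
    return ".." in segments


def find_traversal_attempts(log_text, prefix="/mgmt/"):
    """Return one record per request to `prefix` that carries a '..' segment.
    The HTTP status is kept: a 200 with a non-zero size is the case to chase."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than silently drop data later
        path = m.group("path")
        if path.startswith(prefix) and has_traversal(path):
            hits.append({
                "ip": m.group("ip"),
                "user": m.group("user"),
                "ts": m.group("ts"),
                "status": int(m.group("status")),
                "size": int(m.group("size")),
                "decoded": decode_fully(path),
            })
    return hits


def resolve_safely(root, requested):
    """Server-side mitigation: map a user-supplied relative name onto `root`
    and refuse anything that normalises to a location outside it. commonpath
    is used instead of startswith so '/srv/www2' is not accepted for '/srv/www'.
    On a live filesystem use os.path.realpath as well so symlinks cannot escape."""
    root = os.path.abspath(root)
    target = os.path.abspath(os.path.join(root, requested.lstrip("/\\")))
    if os.path.commonpath([root, target]) != root:
        return None
    return target


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["user"]} {hit["status"]} {hit["decoded"]}')
    print(resolve_safely("/srv/www", "docs/a.txt"))
    print(resolve_safely("/srv/www", "../../etc/passwd"))
```

Run against the constructed log, the three requests from 10.0.0.9 are reported and the two 200 responses with a body stand out from the blocked 403; `resolve_safely` returns `None` for the escaping name and the contained absolute path otherwise.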

CVE-2021-44166

Fortinet FortiToken Mobile (Android) could allow a remote authenticated attacker to bypass security restrictions, caused by an improper access control vulnerability. By sending a specially-crafted request, an attacker could exploit this vulnerability to access the protected system during the 2FA procedure.

CVE-2021-43077

Fortinet FortiWLM is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted HTTP requests to the AP monitor handlers, which could allow the attacker to view, add, modify or delete information in the back-end database.

Impact

  • Command Execution
  • Information Disclosure
  • Security Bypass
  • Data Manipulation

Indicators of Compromise

CVE

  • CVE-2021-43075
  • CVE-2021-43070
  • CVE-2021-44166
  • CVE-2021-43077

Affected Vendors

Fortinet

Affected Products

  • Fortinet FortiWLM 8.6.2
  • Fortinet FortiWLM 8.5.2
  • Fortinet FortiWLM 8.4.2
  • Fortinet FortiWLM 8.3.3
  • Fortinet FortiToken Mobile (Android) 5.1.0

Remediation

Refer to the FortiGuard PSIRT advisories listed below for patch, upgrade, or suggested workaround information.

CVE-2021-43075

https://www.fortiguard.com/psirt/FG-IR-21-128

CVE-2021-43070

https://www.fortiguard.com/psirt/FG-IR-21-106

CVE-2021-44166

https://www.fortiguard.com/psirt/FG-IR-21-210

CVE-2021-43077

https://www.fortiguard.com/psirt/FG-IR-21-189