Commit CVE-2021-43077

2025-07-29 05:56:59 +00:00 · 2022-03-01 17:30:48 +01:00 · 2022-03-01 17:30:48 +01:00 · bf263d89cc
commit bf263d89cc
parent ad664d2028
1 changed files with 63 additions and 3 deletions
--- a/2021/43xxx/CVE-2021-43077.json
+++ b/2021/43xxx/CVE-2021-43077.json
@ -4,14 +4,74 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2021-43077",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "psirt@fortinet.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Fortinet",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Fortinet FortiWLM",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "FortiWLM 8.6.2, 8.6.1, 8.6.0, 8.5.2, 8.5.1, 8.5.0, 8.4.2, 8.4.1, 8.4.0, 8.3.2, 8.3.1, 8.3.0, 8.2.2"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "Low",
+            "attackVector": "Network",
+            "availabilityImpact": "High",
+            "baseScore": 8.3,
+            "baseSeverity": "High",
+            "confidentialityImpact": "High",
+            "integrityImpact": "High",
+            "privilegesRequired": "Low",
+            "scope": "Unchanged",
+            "userInteraction": "None",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Execute unauthorized code or commands"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "name": "https://fortiguard.com/advisory/FG-IR-21-189",
+                "url": "https://fortiguard.com/advisory/FG-IR-21-189"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers."
            }
        ]
    }