CVE-2021-42759 - OpenCVE

A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fortinet	Meru Meru Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:fortinet:meru_firmware::::::::
	cpe:2.3:o:fortinet:meru_firmware::::::::

cpe:2.3:h:fortinet:meru:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://fortiguard.com/advisory/FG-IR-21-004

History

No history.

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2021-12-09T09:22:21

Updated: 2024-08-04T03:38:50.208Z

Reserved: 2021-10-20T00:00:00

Link: CVE-2021-42759

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-12-09T10:15:11.787

Modified: 2021-12-13T20:00:41.967

Link: CVE-2021-42759

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Fortinet Meru AP", "vendor": "Fortinet", "versions": [{"status": "affected", "version": "Meru AP 8.6.1, 8.6.0, 8.5.5, 8.5.4, 8.5.3, 8.5.2, 8.5.1, 8.5.0"}]}], "descriptions": [{"lang": "en", "value": "A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "remediationLevel": "NOT_DEFINED", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.3, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Execute unauthorized code or commands", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-09T09:22:21", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://fortiguard.com/advisory/FG-IR-21-004"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2021-42759", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fortinet Meru AP", "version": {"version_data": [{"version_value": "Meru AP 8.6.1, 8.6.0, 8.5.5, 8.5.4, 8.5.3, 8.5.2, 8.5.1, 8.5.0"}]}}]}, "vendor_name": "Fortinet"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands."}]}, "impact": {"cvss": {"attackComplexity": "Low", "attackVector": "Local", "availabilityImpact": "High", "baseScore": 6.3, "baseSeverity": "Medium", "confidentialityImpact": "High", "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Execute unauthorized code or commands"}]}]}, "references": {"reference_data": [{"name": "https://fortiguard.com/advisory/FG-IR-21-004", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-21-004"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:38:50.208Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fortiguard.com/advisory/FG-IR-21-004"}]}]}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2021-42759", "datePublished": "2021-12-09T09:22:21", "dateReserved": "2021-10-20T00:00:00", "dateUpdated": "2024-08-04T03:38:50.208Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:meru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "97C8A225-4B00-4AB1-AE9D-92835C3AB826", "versionEndIncluding": "8.5.5", "versionStartIncluding": "8.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:meru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D85AB4CD-308E-4495-A137-178883D08316", "versionEndExcluding": "8.6.2", "versionStartIncluding": "8.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fortinet:meru:-:*:*:*:*:*:*:*", "matchCriteriaId": "58239031-FE5A-4408-BC23-FB9ABEEFE127", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands."}, {"lang": "es", "value": "Una violaci\u00f3n de los principios de dise\u00f1o seguro en Fortinet Meru AP versi\u00f3n 8.6.1 y anteriores, versi\u00f3n 8.5.5 y anteriores, permite al atacante ejecutar c\u00f3digo o comandos no autorizados por medio de comandos cli dise\u00f1ados"}], "id": "CVE-2021-42759", "lastModified": "2021-12-13T20:00:41.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2021-12-09T10:15:11.787", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/advisory/FG-IR-21-004"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}