{"vulnerability": "CVE-2021-2401", "sightings": [{"uuid": "34d12bc7-742c-4437-9e09-5a781772b9ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24019", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3llpaxs7glr2z", "content": "", "creation_timestamp": "2025-03-31T21:02:06.930814Z"}, {"uuid": "fa1c40c6-660b-41a5-a245-35240a6432e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24016", "type": "seen", "source": "https://t.me/cibsecurity/29734", "content": "\u203c CVE-2021-24016 \u203c\n\nAn improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-30T20:14:28.000000Z"}, {"uuid": "6d0797ae-48dc-4e61-8d00-db0da48cf13e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24017", "type": "seen", "source": "https://t.me/cibsecurity/29735", "content": "\u203c CVE-2021-24017 \u203c\n\nAn improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-30T20:14:29.000000Z"}, {"uuid": "b004dd54-1b26-46eb-ab98-a89aa6fc7ce6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24019", "type": 
"published-proof-of-concept", "source": "Telegram/aPCPdIPGkODZoxCaDJ8O34mKLW0JTsj39l_jw_IG9BQaA-s", "content": "", "creation_timestamp": "2025-03-28T10:00:05.000000Z"}, {"uuid": "99b3faea-dd11-4e76-89bf-c3cbdf8a5881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24019", "type": "seen", "source": "https://t.me/cibsecurity/30031", "content": "\u203c CVE-2021-24019 \u203c\n\nAn insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-06T14:37:52.000000Z"}, {"uuid": "ef3288b9-12e4-4e4b-a1da-79f0c085b7a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24018", "type": "seen", "source": "https://t.me/cibsecurity/26816", "content": "\u203c CVE-2021-24018 \u203c\n\nA buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-04T19:24:32.000000Z"}, {"uuid": "4ad317d1-32a0-4ff1-8ba6-f7b7afc4d328", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24014", "type": "seen", "source": "https://t.me/cibsecurity/26849", "content": "\u203c CVE-2021-24014 \u203c\n\nMultiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 
may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-04T23:23:45.000000Z"}, {"uuid": "e0cab0a6-3df7-4e87-81a1-c9378fc597ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24010", "type": "seen", "source": "https://t.me/cibsecurity/26810", "content": "\u203c CVE-2021-24010 \u203c\n\nImproper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-04T19:24:25.000000Z"}]}