All the vulnerabilites related to Fortinet - FortiProxy
cve-2022-38378
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.2.0 Version: 7.0.0 ≤ 7.0.7 Version: 6.4.0 ≤ 6.4.11 Version: 6.2.0 ≤ 6.2.12 Version: 6.0.0 ≤ 6.0.16 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:54:03.429Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-346", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-346" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-38378", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T20:18:33.317354Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T20:49:30.558Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.2.0" }, { "lessThanOrEqual": "7.0.7", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.11", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.12", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.16", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.7", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.11", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users)\u00a0to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "Escalation of privilege", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-16T18:06:36.339Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-346", "url": "https://fortiguard.com/psirt/FG-IR-22-346" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.2.1 or above Please upgrade to FortiOS version 7.0.8 or above Please upgrade to FortiProxy version 7.2.2 or above Please upgrade to FortiProxy version 7.0.8 or above " } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-38378", "datePublished": "2023-02-16T18:06:36.339Z", "dateReserved": "2022-08-16T14:17:48.481Z", "dateUpdated": "2024-10-22T20:49:30.558Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42474
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiSwitchManager |
Version: 7.2.0 ≤ 7.2.1 Version: 7.0.0 ≤ 7.0.1 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:40.871Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-393", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-393" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-42474", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T20:18:03.538716Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T20:46:07.625Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiSwitchManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.1", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.7", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.11", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.9", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.12", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.15", "status": "affected", "version": "6.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-23", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:41:42.277Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-393", "url": "https://fortiguard.com/psirt/FG-IR-22-393" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.10 or above\r\nPlease upgrade to FortiOS version 6.4.13 or above\r\nPlease upgrade to FortiSwitchManager version 7.2.2 or above\r\nPlease upgrade to FortiSwitchManager version 7.0.2 or above\r\nPlease upgrade to FortiProxy version 7.2.2 or above\r\nPlease upgrade to FortiProxy version 7.0.8 or above\r\nPlease upgrade to FortiProxy version 2.0.12 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-42474", "datePublished": "2023-06-13T08:41:42.277Z", "dateReserved": "2022-10-07T14:05:36.301Z", "dateUpdated": "2024-10-22T20:46:07.625Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43081
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://fortiguard.com/psirt/FG-IR-21-230 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | Fortinet FortiProxy |
Version: FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0. |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:47:13.630Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-21-230" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-43081", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T20:19:32.002056Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T20:57:08.663Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Fortinet FortiProxy", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0." } ] } ], "descriptions": [ { "lang": "en", "value": "An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "WORKAROUND", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 6, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:W/RC:X", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Unauthorized code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T14:30:18", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/psirt/FG-IR-21-230" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2021-43081", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiProxy", "version": { "version_data": [ { "version_value": "FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0." } ] } } ] }, "vendor_name": "Fortinet" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "None", "baseScore": 6, "baseSeverity": "Medium", "confidentialityImpact": "Low", "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "userInteraction": "Required", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:W/RC:X", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Unauthorized code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://fortiguard.com/psirt/FG-IR-21-230", "refsource": "CONFIRM", "url": "https://fortiguard.com/psirt/FG-IR-21-230" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2021-43081", "datePublished": "2022-05-11T14:30:18", "dateReserved": "2021-10-28T00:00:00", "dateUpdated": "2024-10-22T20:57:08.663Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43074
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiSwitch |
Version: 7.0.0 ≤ 7.0.3 Version: 6.4.0 ≤ 6.4.10 Version: 6.2.0 ≤ 6.2.7 Version: 6.0.0 ≤ 6.0.7 |
||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:47:13.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-21-126", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-21-126" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-43074", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T20:18:40.880303Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T20:50:25.414Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiSwitch", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.0.3", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.10", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.7", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.7", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiWeb", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "6.4.2", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.3.16", "status": "affected", "version": "6.3.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.7", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.3", "status": "affected", "version": "6.1.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.8", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.0.1", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.7", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.0.3", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.8", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.12", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.16", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8\u00a0and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10\u00a0and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1\u00a0and below, 2.0.7\u00a0and below, 1.2 all versions, 1.1 all versions, 1.0 all versions\u00a0may allow an attacker\u00a0to decrypt portions of the administrative session management cookie\u00a0if able to intercept the latter." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-347", "description": "Information disclosure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-16T18:05:27.932Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-21-126", "url": "https://fortiguard.com/psirt/FG-IR-21-126" } ], "solutions": [ { "lang": "en", "value": "Upgrade to FortiOS version 7.0.7 or above.\r\nUpgrade to FortiOS version 6.4.9\u00a0or above.\nUpgrade to FortiWeb version 7.0.0 or above.\r\nupgrade to FortiWeb version 6.3.17 or above.\nUpgrade to FortiProxy\u00a0version 7.0.7 or above.\r\nUpgrade to FortiProxy\u00a0version 2.0.8\u00a0or above.\nUpgrade to FortiSwitch\u00a0version 7.2.0 or above.\r\nUpgrade to FortiSwitch\u00a0version 7.0.4\u00a0or above.\r\nUpgrade to FortiSwitch\u00a0version 6.4.11\u00a0or above." } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2021-43074", "datePublished": "2023-02-16T18:05:27.932Z", "dateReserved": "2021-10-28T21:06:26.048Z", "dateUpdated": "2024-10-22T20:50:25.414Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-42790
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.4.0 Version: 7.2.0 ≤ 7.2.6 Version: 7.0.0 ≤ 7.0.12 Version: 2.0.0 ≤ 2.0.13 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:30:24.514Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-328", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-328" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-42790", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-16T04:00:43.736004Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-28T14:04:47.192Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [], "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.4.0" }, { "lessThanOrEqual": "7.2.6", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.13", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.14", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.15", "status": "affected", "version": "6.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-17T14:08:06.101Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-328", "url": "https://fortiguard.com/psirt/FG-IR-23-328" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.2 or above\r\nPlease upgrade to FortiOS version 7.2.6 or above\r\nPlease upgrade to FortiOS version 7.0.13 or above\r\nPlease upgrade to FortiOS version 6.4.15 or above\r\nPlease upgrade to FortiOS version 6.2.16 or above\r\nPlease upgrade to FortiProxy version 7.4.1 or above\r\nPlease upgrade to FortiProxy version 7.2.7 or above\r\nPlease upgrade to FortiProxy version 7.0.13 or above\r\nPlease upgrade to FortiProxy version 2.0.14 or above\r\nFortinet in Q3/23 has remediated this issue in FortiSASE version 23.3.b and hence the customers need not perform any action." } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-42790", "datePublished": "2024-03-12T15:09:17.594Z", "dateReserved": "2023-09-14T08:37:38.657Z", "dateUpdated": "2024-09-17T14:08:06.101Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-13380
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://fortiguard.com/advisory/FG-IR-18-383 | x_refsource_CONFIRM | |
https://fortiguard.com/advisory/FG-IR-20-230 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | Fortinet FortiOS and FortiProxy |
Version: FortiGate 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4.0 through 5.4.12, 5.2 and earlier and FortiProxy versions 2.0.0, 1.2.8 and earlier |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:00:34.992Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/advisory/FG-IR-18-383" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/advisory/FG-IR-20-230" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2018-13380", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T13:59:56.106542Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T14:06:52.781Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Fortinet FortiOS and FortiProxy", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiGate 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4.0 through 5.4.12, 5.2 and earlier and FortiProxy versions 2.0.0, 1.2.8 and earlier" } ] } ], "datePublic": "2019-05-24T00:00:00", "descriptions": [ { "lang": "en", "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Execute unauthorized code or commands", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-10T16:39:29", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/advisory/FG-IR-18-383" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/advisory/FG-IR-20-230" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2018-13380", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiOS and FortiProxy", "version": { "version_data": [ { "version_value": "FortiGate 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4.0 through 5.4.12, 5.2 and earlier and FortiProxy versions 2.0.0, 1.2.8 and earlier" } ] } } ] }, "vendor_name": "Fortinet" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "None", "baseScore": 4.6, "baseSeverity": "Medium", "confidentialityImpact": "Low", "integrityImpact": "None", "privilegesRequired": "None", "scope": "Changed", "userInteraction": "Required", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Execute unauthorized code or commands" } ] } ] }, "references": { "reference_data": [ { "name": "https://fortiguard.com/advisory/FG-IR-18-383", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-18-383" }, { "name": "https://fortiguard.com/advisory/FG-IR-20-230", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-20-230" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2018-13380", "datePublished": "2019-06-04T20:12:06", "dateReserved": "2018-07-06T00:00:00", "dateUpdated": "2024-10-25T14:06:52.781Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-33307
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.2.0 ≤ 7.2.4 Version: 7.0.0 ≤ 7.0.10 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:39:36.129Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-015", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-015" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-33307", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T20:17:52.005676Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T20:41:52.598Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.2", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.8", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "Denial of service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-16T09:40:11.023Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-015", "url": "https://fortiguard.com/psirt/FG-IR-23-015" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.5 or above\r\nPlease upgrade to FortiOS version 7.0.11 or above\r\nPlease upgrade to FortiOS version 6.4.13 or above\r\nPlease upgrade to FortiProxy version 7.2.4 or above\r\nPlease upgrade to FortiProxy version 7.2.3 or above\r\nPlease upgrade to FortiProxy version 7.0.9 or above\r\nPlease upgrade to FortiProxy version 7.0.10 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-33307", "datePublished": "2023-06-16T09:40:11.023Z", "dateReserved": "2023-05-22T07:58:22.197Z", "dateUpdated": "2024-10-22T20:41:52.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-45862
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiPAM |
Version: 1.3.0 Version: 1.2.0 Version: 1.1.0 ≤ 1.1.2 Version: 1.0.0 ≤ 1.0.3 |
||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2022-45862", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-13T17:32:08.496052Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-13T17:32:25.867Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiPAM", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "1.3.0" }, { "status": "affected", "version": "1.2.0" }, { "lessThanOrEqual": "1.1.2", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.3", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.11", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.18", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.7", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.11", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiSwitchManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.2", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-613", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T15:51:57.147Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-445", "url": "https://fortiguard.com/psirt/FG-IR-22-445" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.0 or above \nPlease upgrade to FortiOS version 7.2.6 or above \nPlease upgrade to FortiPAM version 1.4.0 or above \nPlease upgrade to FortiProxy version 7.4.0 or above \nPlease upgrade to FortiSwitchManager version 7.2.2 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-45862", "datePublished": "2024-08-13T15:51:57.147Z", "dateReserved": "2022-11-23T14:57:05.613Z", "dateUpdated": "2024-08-13T17:32:25.867Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-13379
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://fortiguard.com/advisory/FG-IR-18-384 | x_refsource_CONFIRM | |
https://www.fortiguard.com/psirt/FG-IR-20-233 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | Fortinet FortiOS, FortiProxy |
Version: FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:00:35.028Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/advisory/FG-IR-18-384" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.fortiguard.com/psirt/FG-IR-20-233" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2018-13379", "options": [ { "Exploitation": "active" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T13:32:05.098252Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-13379" }, "type": "kev" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-23T13:32:35.204Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Fortinet FortiOS, FortiProxy", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7" } ] } ], "datePublic": "2019-05-24T00:00:00", "descriptions": [ { "lang": "en", "value": "An Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-03T10:29:56", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/advisory/FG-IR-18-384" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.fortiguard.com/psirt/FG-IR-20-233" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2018-13379", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiOS, FortiProxy", "version": { "version_data": [ { "version_value": "FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7" } ] } } ] }, "vendor_name": "Fortinet" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "High", "baseScore": 8.9, "baseSeverity": "High", "confidentialityImpact": "High", "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://fortiguard.com/advisory/FG-IR-18-384", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-18-384" }, { "name": "https://www.fortiguard.com/psirt/FG-IR-20-233", "refsource": "CONFIRM", "url": "https://www.fortiguard.com/psirt/FG-IR-20-233" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2018-13379", "datePublished": "2019-06-04T20:18:08", "dateReserved": "2018-07-06T00:00:00", "dateUpdated": "2024-10-23T13:32:35.204Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26207
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.2.0 ≤ 7.2.1 Version: 7.0.0 ≤ 7.0.10 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:39:06.659Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-455", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-455" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-26207", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T20:17:59.430978Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T20:45:42.886Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10. 7.2.0 through 7.2.1 allows an attacker to read certain passwords in plain text." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "Information disclosure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:41:45.823Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-455", "url": "https://fortiguard.com/psirt/FG-IR-22-455" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiProxy version 7.2.2 or above " } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-26207", "datePublished": "2023-06-13T08:41:45.823Z", "dateReserved": "2023-02-20T15:09:20.636Z", "dateUpdated": "2024-10-22T20:45:42.886Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36640
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.2.0 ≤ 7.2.4 Version: 7.0.0 ≤ 7.0.10 Version: 2.0.0 ≤ 2.0.14 Version: 1.2.0 ≤ 1.2.13 Version: 1.1.0 ≤ 1.1.6 Version: 1.0.0 ≤ 1.0.7 |
||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.0.11", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:1.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "2.*", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiswitchmanager", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.0.2", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiswitchmanager", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.2", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "status": "affected", "version": "7.4.0" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "status": "affected", "version": "7.0.0" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "status": "affected", "version": "6.4.0" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "status": "affected", "version": "6.2.0" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "6.0.16", "status": "affected", "version": "6.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortipam", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "1.1.*", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-36640", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T17:49:03.425796Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:25:49.629Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.010Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-137", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-137" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.14", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiPAM", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "1.0.3", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.2.0" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.14", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.16", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.16", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-134", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T16:19:21.747Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-137", "url": "https://fortiguard.com/psirt/FG-IR-23-137" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.1 or above \nPlease upgrade to FortiOS version 7.2.6 or above \nPlease upgrade to FortiSwitchManager version 7.2.3 or above \nPlease upgrade to FortiSwitchManager version 7.0.3 or above \nPlease upgrade to FortiProxy version 7.2.6 or above \nPlease upgrade to FortiProxy version 7.0.12 or above \nPlease upgrade to FortiPAM version 1.1.1 or above \nPlease upgrade to FortiSASE version 22.4 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-36640", "datePublished": "2024-05-14T16:19:21.747Z", "dateReserved": "2023-06-25T18:03:39.227Z", "dateUpdated": "2024-08-02T16:52:54.010Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29175
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.2.0 ≤ 7.2.3 Version: 7.0.0 ≤ 7.0.9 Version: 2.0.0 ≤ 2.0.12 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.949Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-468", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-468" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-29175", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T20:17:56.986398Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T20:45:26.647Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.9", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.12", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.2.0" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.13", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.15", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.17", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote\u00a0FortiGuard\u0027s map server." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:X/RC:R", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "Information disclosure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:41:48.433Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-468", "url": "https://fortiguard.com/psirt/FG-IR-22-468" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.2.1 or above\r\nPlease upgrade to FortiOS version 7.0.11 or above\nPlease upgrade to FortiProxy version 7.2.4 or above\r\nPlease upgrade to FortiProxy version 7.0.10 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-29175", "datePublished": "2023-06-13T08:41:48.433Z", "dateReserved": "2023-04-03T08:47:30.451Z", "dateUpdated": "2024-10-22T20:45:26.647Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40684
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | Fortinet FortiOS, FortiProxy, FortiSwitchManager |
Version: FortiOS 7.2.1, 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0; FortiProxy 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0; FortiSwitchManager 7.2.0, 7.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:21:46.541Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-377" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-40684", "options": [ { "Exploitation": "active" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T13:27:43.070187Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2022-10-11", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-40684" }, "type": "kev" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T13:28:36.659Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Fortinet FortiOS, FortiProxy, FortiSwitchManager", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiOS 7.2.1, 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0; FortiProxy 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0; FortiSwitchManager 7.2.0, 7.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "FUNCTIONAL", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "UNAVAILABLE", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 9.6, "temporalSeverity": "CRITICAL", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Execute unauthorized code or commands", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-27T00:00:00", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-22-377" }, { "url": "http://packetstormsecurity.com/files/169431/Fortinet-FortiOS-FortiProxy-FortiSwitchManager-Authentication-Bypass.html" }, { "url": "http://packetstormsecurity.com/files/171515/Fortinet-7.2.1-Authentication-Bypass.html" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-40684", "datePublished": "2022-10-18T00:00:00", "dateReserved": "2022-09-14T00:00:00", "dateUpdated": "2024-10-23T13:28:36.659Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-33306
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.2.0 ≤ 7.2.4 Version: 7.0.0 ≤ 7.0.10 Version: 6.4.0 ≤ 6.4.12 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:39:36.283Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-015", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-015" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-33306", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T20:17:53.416082Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T20:42:04.868Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.12", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.9", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:X/RC:X", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "Denial of service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-16T09:40:07.625Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-015", "url": "https://fortiguard.com/psirt/FG-IR-23-015" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.5 or above\r\nPlease upgrade to FortiOS version 7.0.11 or above\r\nPlease upgrade to FortiOS version 6.4.13 or above\r\nPlease upgrade to FortiProxy version 7.2.4 or above\r\nPlease upgrade to FortiProxy version 7.2.3 or above\r\nPlease upgrade to FortiProxy version 7.0.9 or above\r\nPlease upgrade to FortiProxy version 7.0.10 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-33306", "datePublished": "2023-06-16T09:40:07.625Z", "dateReserved": "2023-05-22T07:58:22.197Z", "dateUpdated": "2024-10-22T20:42:04.868Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42472
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.2.0 ≤ 7.2.1 Version: 7.0.0 ≤ 7.0.7 Version: 2.0.0 ≤ 2.0.10 Version: 1.2.0 ≤ 1.2.13 Version: 1.1.0 ≤ 1.1.6 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.008Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-362", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-362" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-42472", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T20:18:31.990875Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T20:49:22.231Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.7", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.10", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.2", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.8", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.11", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.12", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.16", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A improper neutralization of crlf sequences in http headers (\u0027http response splitting\u0027) in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-113", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-16T18:07:00.188Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-362", "url": "https://fortiguard.com/psirt/FG-IR-22-362" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiProxy version 7.2.2 or above Please upgrade to FortiProxy version 7.0.8 or above Please upgrade to FortiProxy version 2.0.11 or above Please upgrade to FortiOS version 7.2.3 or above Please upgrade to FortiOS version 7.0.9 or above " } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-42472", "datePublished": "2023-02-16T18:07:00.188Z", "dateReserved": "2022-10-07T14:05:36.301Z", "dateUpdated": "2024-10-22T20:49:22.231Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41329
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.2.0 ≤ 7.2.2 Version: 7.0.0 ≤ 7.0.8 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:46.191Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-364", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-364" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41329", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T14:15:40.630242Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T14:31:07.124Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.2", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.8", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.9", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.12", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.13", "status": "affected", "version": "6.2.3", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through 7.0.9 allows an unauthenticated attackers to obtain sensitive logging informations on the device via crafted HTTP GET requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-07T16:22:02.418Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-364", "url": "https://fortiguard.com/psirt/FG-IR-22-364" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiProxy version 7.2.2 or above\r\nPlease upgrade to FortiProxy version 7.0.8 or above\r\nPlease upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.10 or above\r\nPlease upgrade to FortiOS version 6.4.11 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-41329", "datePublished": "2023-03-07T16:22:02.418Z", "dateReserved": "2022-09-23T15:07:35.781Z", "dateUpdated": "2024-10-23T14:31:07.124Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-21762
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.8 Version: 7.0.0 ≤ 7.0.14 Version: 2.0.0 ≤ 2.0.13 Version: 1.2.0 ≤ 1.2.13 Version: 1.1.0 ≤ 1.1.6 Version: 1.0.0 ≤ 1.0.7 |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:1.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThan": "2.0.14", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThan": "7.0.15", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThan": "7.2.9", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThan": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThan": "6.2.16", "status": "affected", "version": "6.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThan": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThan": "7.0.14", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThan": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThan": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-21762", "options": [ { "Exploitation": "active" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-02-12T17:59:22.915991Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2024-02-09", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-21762" }, "type": "kev" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:37:45.403Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:27:36.250Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-24-015", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-24-015" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.8", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.14", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.13", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.6", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.14", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.15", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.17", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:W/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-09T08:14:25.954Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-24-015", "url": "https://fortiguard.com/psirt/FG-IR-24-015" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiProxy version 7.2.9 or above \nPlease upgrade to FortiProxy version 7.0.15 or above \nPlease upgrade to FortiProxy version 2.0.14 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.3 or above \nPlease upgrade to FortiOS version 7.2.7 or above \nPlease upgrade to FortiOS version 7.0.14 or above \nPlease upgrade to FortiOS version 6.4.15 or above \nPlease upgrade to FortiOS version 6.2.16 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-21762", "datePublished": "2024-02-09T08:14:25.954Z", "dateReserved": "2024-01-02T10:15:00.527Z", "dateUpdated": "2024-08-01T22:27:36.250Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41331
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | FortiPresence |
Version: 1.2.0 ≤ 1.2.1 Version: 1.1.0 ≤ 1.1.1 Version: 1.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:44.883Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-355", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-355" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41331", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T14:19:08.963120Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T14:29:35.185Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiPresence", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "1.2.1", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.1", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "status": "affected", "version": "1.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-11T16:06:05.258Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-355", "url": "https://fortiguard.com/psirt/FG-IR-22-355" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiPresence version 2.0.0 or above " } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-41331", "datePublished": "2023-04-11T16:06:05.258Z", "dateReserved": "2022-09-23T15:07:35.782Z", "dateUpdated": "2024-10-23T14:29:35.185Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-6648
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.fortiguard.com/psirt/FG-IR-20-009 | x_refsource_CONFIRM | |
https://www.fortiguard.com/psirt/FG-IR-20-236 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | FortiGate and FortiProxy |
Version: FortiOS versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier. |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:11:04.625Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.fortiguard.com/psirt/FG-IR-20-009" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.fortiguard.com/psirt/FG-IR-20-236" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-6648", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-24T20:09:40.110577Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T14:24:11.567Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "FortiGate and FortiProxy", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiOS versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier." } ] } ], "descriptions": [ { "lang": "en", "value": "A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \"diag sys ha checksum show\" command." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-11T20:09:26", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.fortiguard.com/psirt/FG-IR-20-009" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.fortiguard.com/psirt/FG-IR-20-236" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2020-6648", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "FortiGate and FortiProxy", "version": { "version_data": [ { "version_value": "FortiOS versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier." } ] } } ] }, "vendor_name": "Fortinet" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \"diag sys ha checksum show\" command." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "None", "baseScore": 5.2, "baseSeverity": "Medium", "confidentialityImpact": "Low", "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.fortiguard.com/psirt/FG-IR-20-009", "refsource": "CONFIRM", "url": "https://www.fortiguard.com/psirt/FG-IR-20-009" }, { "name": "https://www.fortiguard.com/psirt/FG-IR-20-236", "refsource": "CONFIRM", "url": "https://www.fortiguard.com/psirt/FG-IR-20-236" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2020-6648", "datePublished": "2020-10-21T14:05:55", "dateReserved": "2020-01-09T00:00:00", "dateUpdated": "2024-10-25T14:24:11.567Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42475
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.2.0 ≤ 7.2.1 Version: 7.0.0 ≤ 7.0.7 Version: 2.0.0 ≤ 2.0.11 Version: 1.2.0 ≤ 1.2.13 Version: 1.1.0 ≤ 1.1.6 Version: 1.0.0 ≤ 1.0.7 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:40.927Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-398", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-398" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-42475", "options": [ { "Exploitation": "active" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T13:26:56.926267Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2022-12-13", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-42475" }, "type": "kev" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T13:27:24.950Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.7", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.11", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.2", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.8", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.10", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.11", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.15", "status": "affected", "version": "6.0.0", "versionType": "semver" }, { "lessThanOrEqual": "5.6.14", "status": "affected", "version": "5.6.0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.13", "status": "affected", "version": "5.4.0", "versionType": "semver" }, { "lessThanOrEqual": "5.2.15", "status": "affected", "version": "5.2.0", "versionType": "semver" }, { "lessThanOrEqual": "5.0.14", "status": "affected", "version": "5.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A heap-based buffer overflow vulnerability [CWE-122]\u00a0in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-197", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-02T08:18:49.444Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-398", "url": "https://fortiguard.com/psirt/FG-IR-22-398" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.2.3 or above\r\nPlease upgrade to FortiOS version 7.0.9 or above\r\nPlease upgrade to FortiOS version 6.4.11 or above\r\nPlease upgrade to FortiOS version 6.2.12 or above\r\nPlease upgrade to FortiOS version 6.0.16 or above\r\nPlease upgrade to upcoming FortiOS-6K7K version 7.0.8 or above\r\nPlease upgrade to FortiOS-6K7K version 6.4.10 or above\r\nPlease upgrade to FortiOS-6K7K version 6.2.12 or above\r\nPlease upgrade to FortiOS-6K7K version 6.0.15 or above\r\nPlease upgrade to FortiProxy version 7.2.2 or above\r\nPlease upgrade to FortiProxy version 7.0.8 or above\r\nPlease upgrade to upcoming FortiProxy version 2.0.12 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-42475", "datePublished": "2023-01-02T08:18:49.444Z", "dateReserved": "2022-10-07T14:05:36.301Z", "dateUpdated": "2024-10-23T13:27:24.950Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-17656
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://fortiguard.com/advisory/FG-IR-19-248 | x_refsource_CONFIRM | |
https://fortiguard.com/advisory/FG-IR-21-007 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | Fortinet FortiProxy, FortiOS |
Version: FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below; FortiOS 6.0.10 and below, 6.2.2 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:47:13.701Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/advisory/FG-IR-19-248" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/advisory/FG-IR-21-007" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-17656", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T13:58:54.865929Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T13:59:10.561Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Fortinet FortiProxy, FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below; FortiOS 6.0.10 and below, 6.2.2 and below" } ] } ], "descriptions": [ { "lang": "en", "value": "A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Crash of the HTTPD service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-12T14:14:42", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/advisory/FG-IR-19-248" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/advisory/FG-IR-21-007" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2019-17656", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiProxy, FortiOS", "version": { "version_data": [ { "version_value": "FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below; FortiOS 6.0.10 and below, 6.2.2 and below" } ] } } ] }, "vendor_name": "Fortinet" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "Low", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "None", "integrityImpact": "Low", "privilegesRequired": "Low", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Crash of the HTTPD service" } ] } ] }, "references": { "reference_data": [ { "name": "https://fortiguard.com/advisory/FG-IR-19-248", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-19-248" }, { "name": "https://fortiguard.com/advisory/FG-IR-21-007", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-21-007" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2019-17656", "datePublished": "2021-04-12T14:14:42", "dateReserved": "2019-10-16T00:00:00", "dateUpdated": "2024-10-25T13:59:10.561Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-22130
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://fortiguard.com/advisory/FG-IR-21-006 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | Fortinet FortiProxy |
Version: FortiProxy 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:30:24.006Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/advisory/FG-IR-21-006" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-22130", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T14:13:48.067371Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T13:58:00.281Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Fortinet FortiProxy", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiProxy 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7" } ] } ], "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the `diagnose sys cpuset` with a large cpuset mask value. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Execute unauthorized code or commands", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-03T10:27:47", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/advisory/FG-IR-21-006" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2021-22130", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiProxy", "version": { "version_data": [ { "version_value": "FortiProxy 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7" } ] } } ] }, "vendor_name": "Fortinet" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the `diagnose sys cpuset` with a large cpuset mask value. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Local", "availabilityImpact": "High", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "High", "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Execute unauthorized code or commands" } ] } ] }, "references": { "reference_data": [ { "name": "https://fortiguard.com/advisory/FG-IR-21-006", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-21-006" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2021-22130", "datePublished": "2021-06-03T10:27:47", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-10-25T13:58:00.281Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43072
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiAnalyzer |
Version: 7.0.0 ≤ 7.0.2 Version: 6.4.0 ≤ 6.4.7 Version: 6.2.0 ≤ 6.2.12 Version: 6.0.0 ≤ 6.0.12 Version: 5.6.0 ≤ 5.6.11 cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:5.6.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:5.6.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:5.6.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:5.6.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:5.6.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:5.6.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:5.6.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:5.6.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:5.6.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:5.6.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:5.6.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:5.6.0:*:*:*:*:*:*:* |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-43072", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-16T18:40:02.770628Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-16T18:40:17.373Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T03:47:13.197Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/advisory/FG-IR-21-206", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/advisory/FG-IR-21-206" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:5.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:5.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:5.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:5.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:5.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:5.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:5.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:5.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:5.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:5.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:5.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:5.6.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiAnalyzer", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.0.2", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.7", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.12", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.12", "status": "affected", "version": "6.0.0", "versionType": "semver" }, { "lessThanOrEqual": "5.6.11", "status": "affected", "version": "5.6.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:5.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:5.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:5.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:5.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:5.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:5.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:5.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:5.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:5.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:5.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:5.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:5.6.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.0.2", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.7", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.12", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.12", "status": "affected", "version": "6.0.0", "versionType": "semver" }, { "lessThanOrEqual": "5.6.11", "status": "affected", "version": "5.6.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer copy without checking size of input (\u0027classic buffer overflow\u0027) in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-17T14:05:39.988Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/advisory/FG-IR-21-206", "url": "https://fortiguard.com/advisory/FG-IR-21-206" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiAnalyzer version 7.0.3 or above \nPlease upgrade to FortiAnalyzer version 6.4.8 or above \nPlease upgrade to FortiManager version 7.0.3 or above \nPlease upgrade to FortiManager version 6.4.8 or above \nPlease upgrade to FortiOS version 7.2.0 or above \nPlease upgrade to FortiOS version 7.0.6 or above \nPlease upgrade to FortiProxy version 7.0.4 or above \nPlease upgrade to FortiProxy version 2.0.9 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2021-43072", "datePublished": "2023-07-18T00:01:04.306Z", "dateReserved": "2021-10-28T21:06:26.047Z", "dateUpdated": "2024-09-17T14:05:39.988Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22641
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.2.0 ≤ 7.2.3 Version: 7.0.0 ≤ 7.0.9 Version: 6.4.0 ≤ 6.4.12 Version: 6.2.0 ≤ 6.2.13 Version: 6.0.0 ≤ 6.0.16 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:13:49.470Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-479", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-479" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-22641", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T20:18:17.850726Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T20:47:37.434Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.9", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.12", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.13", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.16", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.2", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.8", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.12", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A url redirection to untrusted site (\u0027open redirect\u0027) in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9, FortiOS versions 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specially crafted requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N/E:H/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-601", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-11T16:06:13.309Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-479", "url": "https://fortiguard.com/psirt/FG-IR-22-479" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiProxy version 7.2.3 or above\r\nPlease upgrade to FortiProxy version 7.0.9 or above\r\nPlease upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.10 or above\r\nPlease upgrade to FortiOS version 6.4.13 or above\n\u00a0" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-22641", "datePublished": "2023-04-11T16:06:13.309Z", "dateReserved": "2023-01-05T10:06:31.523Z", "dateUpdated": "2024-10-22T20:47:37.434Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29179
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.2.0 ≤ 7.2.4 Version: 7.0.0 ≤ 7.0.10 |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-29179", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-22T16:40:02.132971Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:55.579Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.941Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-125", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-125" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.11", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.12", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, Fortiproxy version 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 allows attacker to denial of service via specially crafted HTTP requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "Denial of service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-22T09:40:11.939Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-125", "url": "https://fortiguard.com/psirt/FG-IR-23-125" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiProxy version 7.2.5 or above \nPlease upgrade to FortiProxy version 7.0.11 or above \nPlease upgrade to FortiSASE version 22.4 or above \nPlease upgrade to FortiOS version 7.4.0 or above \nPlease upgrade to FortiOS version 7.2.5 or above \nPlease upgrade to FortiOS version 7.0.12 or above \nPlease upgrade to FortiOS version 6.4.13 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-29179", "datePublished": "2024-02-22T09:40:11.939Z", "dateReserved": "2023-04-03T08:47:30.452Z", "dateUpdated": "2024-08-02T14:00:15.941Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29054
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.2.0 Version: 7.0.0 ≤ 7.0.7 Version: 6.4.0 ≤ 6.4.9 Version: 6.2.0 ≤ 6.2.12 Version: 6.0.0 ≤ 6.0.16 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:10:58.670Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-080", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-080" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-29054", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T20:18:29.615605Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T20:49:05.910Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.2.0" }, { "lessThanOrEqual": "7.0.7", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.9", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.12", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.16", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.7", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.11", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A missing cryptographic steps vulnerability [CWE-325]\u00a0in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an\u00a0attacker in\u00a0possession of the encrypted key to decipher it." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:X", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-329", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-16T18:07:34.488Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-080", "url": "https://fortiguard.com/psirt/FG-IR-22-080" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.2.1 or above\r\nPlease upgrade to FortiOS version 7.0.8 or above\r\nPlease upgrade to FortiProxy version 7.2.2 or above\r\nPlease upgrade to FortiProxy version 7.0.8 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-29054", "datePublished": "2023-02-16T18:07:34.488Z", "dateReserved": "2022-04-11T13:56:39.869Z", "dateUpdated": "2024-10-22T20:49:05.910Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-23111
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.6 Version: 7.0.0 ≤ 7.0.13 |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThan": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "custom" }, { "lessThan": "7.2.8", "status": "affected", "version": "7.2.0", "versionType": "custom" }, { "lessThan": "7.0.14", "status": "affected", "version": "7.0.0", "versionType": "custom" }, { "lessThan": "2.1.0", "status": "affected", "version": "2.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThan": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "custom" }, { "lessThan": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "custom" }, { "lessThan": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "custom" }, { "lessThan": "6.5.0", "status": "affected", "version": "6.4.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-23111", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-12T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T03:55:22.809Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:51:11.306Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-471", "tags": [ "x_transferred" ], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-471" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.6", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.8", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.14", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper neutralization of input during web page Generation (\u0027Cross-site Scripting\u0027) vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-19T05:18:38.679Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-471", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-471" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.4 or above \nPlease upgrade to FortiOS version 7.2.8 or above \nPlease upgrade to FortiOS version 7.0.14 or above \nPlease upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiProxy version 7.2.9 or above \nPlease upgrade to FortiProxy version 7.0.15 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-23111", "datePublished": "2024-06-11T14:32:00.312Z", "dateReserved": "2024-01-11T16:29:07.979Z", "dateUpdated": "2024-08-19T05:18:38.679Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44250
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.4.0 ≤ 7.4.1 Version: 7.2.5 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:59:51.922Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-315", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-315" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-44250", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-14T17:24:51.505933Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-14T17:25:04.152Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "status": "affected", "version": "7.2.5" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-10T17:51:37.440Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-315", "url": "https://fortiguard.com/psirt/FG-IR-23-315" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.2 or above \nPlease upgrade to FortiOS version 7.2.6 or above \nPlease upgrade to FortiProxy version 7.4.2 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-44250", "datePublished": "2024-01-10T17:51:37.440Z", "dateReserved": "2023-09-27T12:26:48.750Z", "dateUpdated": "2024-11-14T17:25:04.152Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41677
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.4.0 ≤ 7.4.1 Version: 7.2.0 ≤ 7.2.6 Version: 7.0.0 ≤ 7.0.12 Version: 6.4.0 ≤ 6.4.14 Version: 6.2.0 ≤ 6.2.15 Version: 6.0.0 ≤ 6.0.18 |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "6.0.18", "status": "affected", "version": "6.0.0", "versionType": "custom" }, { "lessThanOrEqual": "6.2.15", "status": "affected", "version": "6.2.0", "versionType": "custom" }, { "lessThanOrEqual": "6.4.14", "status": "affected", "version": "6.4.0", "versionType": "custom" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "custom" }, { "lessThanOrEqual": "7.2.6", "status": "affected", "version": "7.2.0", "versionType": "custom" }, { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "custom" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "custom" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "custom" }, { "lessThanOrEqual": "2.0.14", "status": "affected", "version": "2.0.0", "versionType": "custom" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "custom" }, { "lessThanOrEqual": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "custom" }, { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-41677", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-11T04:01:14.917820Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-12T15:15:27.451Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T19:01:35.404Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-493", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-493" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.6", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.14", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.15", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.18", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.14", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-522", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-15T08:10:53.751Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-493", "url": "https://fortiguard.com/psirt/FG-IR-23-493" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiSASE version 23.4.a or above \nPlease upgrade to FortiOS version 7.4.2 or above \nPlease upgrade to FortiOS version 7.2.7 or above \nPlease upgrade to FortiOS version 7.0.13 or above \nPlease upgrade to FortiOS version 6.4.15 or above \nPlease upgrade to FortiOS version 6.2.16 or above \nPlease upgrade to FortiProxy version 7.4.2 or above \nPlease upgrade to FortiProxy version 7.2.8 or above \nPlease upgrade to FortiProxy version 7.0.14 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-41677", "datePublished": "2024-04-09T14:24:21.614Z", "dateReserved": "2023-08-30T13:42:39.547Z", "dateUpdated": "2024-08-02T19:01:35.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28002
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.2.0 ≤ 7.2.3 Version: 7.0.0 ≤ 7.0.12 Version: 6.4.0 ≤ 6.4.15 Version: 6.2.0 ≤ 6.2.16 Version: 6.0.0 ≤ 6.0.18 cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:* |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.891Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-396", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-396" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "2.0.13", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.17", "status": "affected", "version": "6.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.15", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.14", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-28002", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-30T18:14:58.535601Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-30T18:20:58.090Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.16", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.18", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "cpes": [], "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.8", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.19", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.14", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and VMs may allow a local attacker\u00a0with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-354", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-18T14:54:04.182Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-396", "url": "https://fortiguard.com/psirt/FG-IR-22-396" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.0 or above \nPlease upgrade to FortiOS version 7.2.4 or above \nPlease upgrade to FortiOS version 7.0.13 or above \nPlease upgrade to FortiProxy version 7.4.2 or above \nPlease upgrade to FortiProxy version 7.2.9 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-28002", "datePublished": "2023-11-14T18:05:12.283Z", "dateReserved": "2023-03-09T10:09:33.120Z", "dateUpdated": "2024-10-18T14:54:04.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29181
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiPAM |
Version: 1.0.0 ≤ 1.0.3 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.852Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-119", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-119" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.11", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.12", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.14", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "5.6.14", "status": "affected", "version": "5.6.0", "versionType": "custom" }, { "lessThanOrEqual": "5.4.13", "status": "affected", "version": "5.4.0", "versionType": "custom" }, { "lessThanOrEqual": "5.2.15", "status": "affected", "version": "5.2.0", "versionType": "custom" }, { "lessThanOrEqual": "5.0.14", "status": "affected", "version": "5.0.0", "versionType": "custom" }, { "lessThanOrEqual": "4.3.19", "status": "affected", "version": "4.3.0", "versionType": "custom" }, { "lessThanOrEqual": "4.1.11", "status": "affected", "version": "4.2.0", "versionType": "custom" }, { "lessThanOrEqual": "4.1.11", "status": "affected", "version": "4.1.1", "versionType": "custom" }, { "lessThanOrEqual": "4.0.4", "status": "affected", "version": "4.0.0", "versionType": "custom" }, { "lessThanOrEqual": "6.2.14", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortipam", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "1.0.3", "status": "affected", "version": "1.00", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.12", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-29181", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-02-22T16:59:29.245878Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-22T17:41:03.191Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiPAM", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "1.0.3", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.11", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.12", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.14", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.16", "status": "affected", "version": "6.0.0", "versionType": "semver" }, { "lessThanOrEqual": "5.6.14", "status": "affected", "version": "5.6.0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.13", "status": "affected", "version": "5.4.0", "versionType": "semver" }, { "lessThanOrEqual": "5.2.15", "status": "affected", "version": "5.2.0", "versionType": "semver" }, { "lessThanOrEqual": "5.0.14", "status": "affected", "version": "5.0.0", "versionType": "semver" }, { "lessThanOrEqual": "4.3.19", "status": "affected", "version": "4.3.0", "versionType": "semver" }, { "lessThanOrEqual": "4.2.16", "status": "affected", "version": "4.2.0", "versionType": "semver" }, { "lessThanOrEqual": "4.1.11", "status": "affected", "version": "4.1.1", "versionType": "semver" }, { "lessThanOrEqual": "4.0.4", "status": "affected", "version": "4.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.12", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted command." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-134", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-22T09:40:06.212Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-119", "url": "https://fortiguard.com/psirt/FG-IR-23-119" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.0 or above\nPlease upgrade to FortiOS version 7.2.5 or above\nPlease upgrade to FortiOS version 7.0.12 or above\nPlease upgrade to FortiOS version 6.4.13 or above\nPlease upgrade to FortiOS version 6.2.15 or above\nPlease upgrade to FortiProxy version 7.2.5 or above\nPlease upgrade to FortiProxy version 7.0.11 or above\nPlease upgrade to FortiProxy version 2.0.13 or above\nPlease upgrade to FortiPAM version 1.1.0 or above\n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-29181", "datePublished": "2024-02-22T09:40:06.212Z", "dateReserved": "2023-04-03T08:47:30.452Z", "dateUpdated": "2024-08-22T17:41:03.191Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47536
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.2.0 Version: 7.0.0 ≤ 7.0.13 Version: 6.4.0 ≤ 6.4.14 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:09:37.425Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-432", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-432" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.2.0" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.14", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.9", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.12", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:F/RL:O/RC:R", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-13T08:06:01.706Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-432", "url": "https://fortiguard.com/psirt/FG-IR-23-432" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.0 or above \nPlease upgrade to FortiOS version 7.2.1 or above \nPlease upgrade to FortiProxy version 7.4.0 or above \nPlease upgrade to FortiProxy version 7.2.4 or above \nPlease upgrade to FortiProxy version 7.0.10 or above \nPlease upgrade to FortiProxy version 2.0.13 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-47536", "datePublished": "2023-12-13T08:06:01.706Z", "dateReserved": "2023-11-06T10:35:25.827Z", "dateUpdated": "2024-08-02T21:09:37.425Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39948
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.0.0 ≤ 7.0.6 Version: 2.0.0 ≤ 2.0.11 Version: 1.2.0 ≤ 1.2.13 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:07:42.943Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-257", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-257" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-39948", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T20:18:34.434332Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T20:49:38.976Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.0.6", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.11", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.7", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.11", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.12", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.16", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2\u00a0all versions, 6.0\u00a0all versions and FortiProxy 7.0.0 through 7.0.6, 2.0\u00a0all versions, 1.2\u00a0all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS/FortiProxy device and remote servers hosting threat feeds (when the latter are configured as Fabric connectors in FortiOS/FortiProxy)" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:R", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "Information disclosure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-16T18:06:29.870Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-257", "url": "https://fortiguard.com/psirt/FG-IR-22-257" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiProxy version 7.2.0 or above Please upgrade to FortiProxy version 7.0.7 or above Please upgrade to FortiOS version 7.2.4 or above Please upgrade to FortiOS version 7.0.8 or above " } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-39948", "datePublished": "2023-02-16T18:06:29.870Z", "dateReserved": "2022-09-05T13:11:35.552Z", "dateUpdated": "2024-10-22T20:49:38.976Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42755
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://fortiguard.com/psirt/FG-IR-21-155 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | Fortinet FortiSwitch, FortiRecorder, FortiVoiceEnterprise, FortiOS, FortiProxy |
Version: FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:38:50.211Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-21-155" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Fortinet FortiSwitch, FortiRecorder, FortiVoiceEnterprise, FortiOS, FortiProxy", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10\u00a0and below; FortiOS 7.0.2 and below, 6.4.8\u00a0and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10\u00a0and below" } ] } ], "descriptions": [ { "lang": "en", "value": "An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "FUNCTIONAL", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "UNAVAILABLE", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:U/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-18T16:35:20", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/psirt/FG-IR-21-155" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2021-42755", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiSwitch, FortiRecorder, FortiVoiceEnterprise, FortiOS, FortiProxy", "version": { "version_data": [ { "version_value": "FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10\u00a0and below; FortiOS 7.0.2 and below, 6.4.8\u00a0and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10\u00a0and below" } ] } } ] }, "vendor_name": "Fortinet" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Adjacent", "availabilityImpact": "Low", "baseScore": 4.2, "baseSeverity": "Medium", "confidentialityImpact": "None", "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:U/RC:C", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://fortiguard.com/psirt/FG-IR-21-155", "refsource": "CONFIRM", "url": "https://fortiguard.com/psirt/FG-IR-21-155" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2021-42755", "datePublished": "2022-07-18T16:35:20", "dateReserved": "2021-10-20T00:00:00", "dateUpdated": "2024-08-04T03:38:50.211Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43206
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://fortiguard.com/psirt/FG-IR-21-231 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | Fortinet FortiOS, FortiProxy |
Version: FortiOS 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.10, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0; FortiProxy 7.0.1, 7.0.0, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:47:13.641Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-21-231" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-43206", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T20:19:35.576131Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T20:57:35.305Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Fortinet FortiOS, FortiProxy", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiOS 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.10, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0; FortiProxy 7.0.1, 7.0.0, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy\u0027s client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "UNAVAILABLE", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.1, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-04T15:25:26", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/psirt/FG-IR-21-231" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2021-43206", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiOS, FortiProxy", "version": { "version_data": [ { "version_value": "FortiOS 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.10, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0; FortiProxy 7.0.1, 7.0.0, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0" } ] } } ] }, "vendor_name": "Fortinet" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy\u0027s client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "None", "baseScore": 4.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "Required", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://fortiguard.com/psirt/FG-IR-21-231", "refsource": "CONFIRM", "url": "https://fortiguard.com/psirt/FG-IR-21-231" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2021-43206", "datePublished": "2022-05-04T15:25:26", "dateReserved": "2021-11-02T00:00:00", "dateUpdated": "2024-10-22T20:57:35.305Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42757
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://fortiguard.com/advisory/FG-IR-21-173 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | Fortinet FortiOS |
Version: FortiOS before 6.4.7, FortiOS 7.0.0 through 7.0.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:38:50.116Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/advisory/FG-IR-21-173" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Fortinet FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiOS before 6.4.7, FortiOS 7.0.0 through 7.0.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "remediationLevel": "UNAVAILABLE", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.3, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Execute unauthorized code or commands", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-08T11:01:11", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/advisory/FG-IR-21-173" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2021-42757", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiOS", "version": { "version_data": [ { "version_value": "FortiOS before 6.4.7, FortiOS 7.0.0 through 7.0.2" } ] } } ] }, "vendor_name": "Fortinet" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Local", "availabilityImpact": "High", "baseScore": 6.3, "baseSeverity": "Medium", "confidentialityImpact": "High", "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Execute unauthorized code or commands" } ] } ] }, "references": { "reference_data": [ { "name": "https://fortiguard.com/advisory/FG-IR-21-173", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-21-173" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2021-42757", "datePublished": "2021-12-08T11:01:11", "dateReserved": "2021-10-20T00:00:00", "dateUpdated": "2024-08-04T03:38:50.116Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-42789
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.4.0 ≤ 7.4.1 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.12 Version: 6.4.0 ≤ 6.4.14 Version: 6.2.0 ≤ 6.2.15 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:30:24.297Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-328", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-328" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.14", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.15", "status": "affected", "version": "6.2.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortipam", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "1.1.2", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.3", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.6", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.13", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "status": "affected", "version": "7.4.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-42789", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-15T16:38:32.476430Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-12T18:00:28.370Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.14", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.15", "status": "affected", "version": "6.2.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiPAM", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "1.1.2", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.3", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.4.0" }, { "lessThanOrEqual": "7.2.6", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.13", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-12T15:09:18.416Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-328", "url": "https://fortiguard.com/psirt/FG-IR-23-328" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.2 or above\r\nPlease upgrade to FortiOS version 7.2.6 or above\r\nPlease upgrade to FortiOS version 7.0.13 or above\r\nPlease upgrade to FortiOS version 6.4.15 or above\r\nPlease upgrade to FortiOS version 6.2.16 or above\r\nPlease upgrade to FortiProxy version 7.4.1 or above\r\nPlease upgrade to FortiProxy version 7.2.7 or above\r\nPlease upgrade to FortiProxy version 7.0.13 or above\r\nPlease upgrade to FortiProxy version 2.0.14 or above\r\nFortinet in Q3/23 has remediated this issue in FortiSASE version 23.3.b and hence the customers need not perform any action.\r\n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-42789", "datePublished": "2024-03-12T15:09:18.416Z", "dateReserved": "2023-09-14T08:37:38.657Z", "dateUpdated": "2024-08-12T18:00:28.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-23113
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiSwitchManager |
Version: 7.2.0 ≤ 7.2.3 Version: 7.0.0 ≤ 7.0.3 |
||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T22:51:11.285Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-24-029", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-24-029" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiswitchmanager", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.3", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.6", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.8", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.15", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortipam", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "1.1.2", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.3", "status": "affected", "version": "1.0.0", "versionType": "semver" }, { "status": "affected", "version": "1.2.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-23113", "options": [ { "Exploitation": "active" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-09T12:58:44.488595Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2024-10-09", "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json" }, "type": "kev" } } ], "providerMetadata": { "dateUpdated": "2024-10-10T14:01:05.045Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiSwitchManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.3", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.6", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiPAM", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "1.2.0" }, { "lessThanOrEqual": "1.1.2", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.3", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.8", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.15", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-134", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-15T13:59:25.313Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-24-029", "url": "https://fortiguard.com/psirt/FG-IR-24-029" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiWeb version 7.4.3 or above \nPlease upgrade to FortiVoice version 7.0.2 or above \nPlease upgrade to FortiVoice version 6.4.9 or above \nPlease upgrade to FortiSwitchManager version 7.2.4 or above \nPlease upgrade to FortiSwitchManager version 7.0.4 or above \nPlease upgrade to FortiOS version 7.4.3 or above \nPlease upgrade to FortiOS version 7.2.7 or above \nPlease upgrade to FortiOS version 7.0.14 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiPAM version 1.2.1 or above \nPlease upgrade to FortiPAM version 1.1.3 or above \nPlease upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiProxy version 7.2.9 or above \nPlease upgrade to FortiProxy version 7.0.16 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-23113", "datePublished": "2024-02-15T13:59:25.313Z", "dateReserved": "2024-01-11T16:29:07.980Z", "dateUpdated": "2024-10-10T14:01:05.045Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22639
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.2.0 ≤ 7.2.3 Version: 7.0.0 ≤ 7.0.10 Version: 6.4.0 ≤ 6.4.12 Version: 6.2.0 ≤ 6.2.15 Version: 6.0.0 ≤ 6.0.17 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:13:49.507Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-494", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-494" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-22639", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T14:10:57.056496Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T14:26:22.679Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.12", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.15", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.17", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.2", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.8", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.12", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows attacker to escalation of privilege via specifically crafted commands." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "Escalation of privilege", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:41:44.785Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-494", "url": "https://fortiguard.com/psirt/FG-IR-22-494" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.11 or above\r\nPlease upgrade to FortiOS version 6.4.13 or above\r\nPlease upgrade to FortiProxy version 7.2.3 or above\r\nPlease upgrade to FortiProxy version 7.0.9 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-22639", "datePublished": "2023-06-13T08:41:44.785Z", "dateReserved": "2023-01-05T10:06:31.522Z", "dateUpdated": "2024-10-23T14:26:22.679Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41330
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.2.0 ≤ 7.2.1 Version: 7.0.0 ≤ 7.0.7 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:46.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-363", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-363" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41330", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T14:11:25.297377Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T14:30:33.980Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.7", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.9", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.11", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.12", "status": "affected", "version": "6.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper neutralization of input during web page generation vulnerability (\u0027Cross-site Scripting\u0027) [CWE-79] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9, version 6.4.0 through 6.4.11 and before 6.2.12 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-11T16:05:38.973Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-363", "url": "https://fortiguard.com/psirt/FG-IR-22-363" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiProxy version 7.2.2 or above\r\nPlease upgrade to FortiProxy version 7.0.8 or above\r\nPlease upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.10 or above\r\nPlease upgrade to FortiOS version 6.4.12 or above\r\nPlease upgrade to FortiOS version 6.2.13 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-41330", "datePublished": "2023-04-11T16:05:38.973Z", "dateReserved": "2022-09-23T15:07:35.782Z", "dateUpdated": "2024-10-23T14:30:33.980Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-13381
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://fortiguard.com/advisory/FG-IR-18-387 | x_refsource_CONFIRM | |
https://fortiguard.com/advisory/FG-IR-20-232 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | Fortinet FortiOS and FortiProxy |
Version: FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier. |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:00:35.119Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/advisory/FG-IR-18-387" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/advisory/FG-IR-20-232" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2018-13381", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-24T20:09:54.861955Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T14:29:10.377Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Fortinet FortiOS and FortiProxy", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier." } ] } ], "datePublic": "2019-05-17T00:00:00", "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-09T16:04:07", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/advisory/FG-IR-18-387" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/advisory/FG-IR-20-232" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2018-13381", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiOS and FortiProxy", "version": { "version_data": [ { "version_value": "FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier." } ] } } ] }, "vendor_name": "Fortinet" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "Low", "baseScore": 5.2, "baseSeverity": "Medium", "confidentialityImpact": "None", "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://fortiguard.com/advisory/FG-IR-18-387", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-18-387" }, { "name": "https://fortiguard.com/advisory/FG-IR-20-232", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-20-232" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2018-13381", "datePublished": "2019-06-04T20:26:34", "dateReserved": "2018-07-06T00:00:00", "dateUpdated": "2024-10-25T14:29:10.377Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-33308
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.2.0 ≤ 7.2.2 Version: 7.0.0 ≤ 7.0.9 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:39:36.270Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-183", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-183" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-33308", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T13:07:14.340046Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T13:07:25.250Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.2", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.9", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-26T14:00:25.931Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-183", "url": "https://fortiguard.com/psirt/FG-IR-23-183" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.11 or above\r\nPlease upgrade to FortiProxy version 7.2.3 or above\r\nPlease upgrade to FortiProxy version 7.0.10 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-33308", "datePublished": "2023-07-26T14:00:25.931Z", "dateReserved": "2023-05-22T07:58:22.197Z", "dateUpdated": "2024-10-23T13:07:25.250Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41327
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.2.0 ≤ 7.2.3 Version: 7.0.0 ≤ 7.0.8 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:44.712Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-380", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-380" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41327", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T14:11:01.701994Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T14:27:14.451Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.8", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.7", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-319", "description": "Information disclosure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:41:41.742Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-380", "url": "https://fortiguard.com/psirt/FG-IR-22-380" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.2.5 or above\r\nPlease upgrade to FortiOS version 7.0.9 or above\r\nPlease upgrade to FortiProxy version 7.2.2 or above\r\nPlease upgrade to FortiProxy version 7.0.8 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-41327", "datePublished": "2023-06-13T08:41:41.742Z", "dateReserved": "2022-09-23T15:07:35.780Z", "dateUpdated": "2024-10-23T14:27:14.451Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26110
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://fortiguard.com/advisory/FG-IR-20-131 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | Fortinet FortiOS, FortiProxy |
Version: FortiOS 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below. FortiProxy 2.0.1 and below, 1.2.9 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:19:20.350Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/advisory/FG-IR-20-131" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-26110", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T14:13:16.701692Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T13:42:47.340Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Fortinet FortiOS, FortiProxy", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiOS 7.0.0, 6.4.6\u00a0and below, 6.2.9\u00a0and below, 6.0.12 and below. FortiProxy 2.0.1 and below, 1.2.9 and below" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.4, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Escalation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-08T10:41:25", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/advisory/FG-IR-20-131" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2021-26110", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiOS, FortiProxy", "version": { "version_data": [ { "version_value": "FortiOS 7.0.0, 6.4.6\u00a0and below, 6.2.9\u00a0and below, 6.0.12 and below. FortiProxy 2.0.1 and below, 1.2.9 and below" } ] } } ] }, "vendor_name": "Fortinet" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Local", "availabilityImpact": "High", "baseScore": 7.4, "baseSeverity": "High", "confidentialityImpact": "High", "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Escalation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://fortiguard.com/advisory/FG-IR-20-131", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-20-131" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2021-26110", "datePublished": "2021-12-08T10:41:25", "dateReserved": "2021-01-25T00:00:00", "dateUpdated": "2024-10-25T13:42:47.340Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45583
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.2.0 ≤ 7.2.4 Version: 7.0.0 ≤ 7.0.10 |
||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.0.11", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:1.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "2.*", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiswitchmanager", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.0.2", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiswitchmanager", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.2", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "status": "affected", "version": "7.4.0" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "status": "affected", "version": "7.0.0" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "status": "affected", "version": "6.4.0" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "status": "affected", "version": "6.2.0" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "6.0.16", "status": "affected", "version": "6.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortipam", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "1.1.*", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-45583", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T17:49:39.269934Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:19:59.485Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T20:21:16.756Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-137", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-137" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiPAM", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "1.1.0" }, { "lessThanOrEqual": "1.0.3", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiSwitchManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.2", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.2", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.4.0" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.16", "status": "affected", "version": "6.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-134", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T16:19:18.797Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-137", "url": "https://fortiguard.com/psirt/FG-IR-23-137" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.1 or above \nPlease upgrade to FortiOS version 7.2.6 or above \nPlease upgrade to FortiSwitchManager version 7.2.3 or above \nPlease upgrade to FortiSwitchManager version 7.0.3 or above \nPlease upgrade to FortiProxy version 7.2.6 or above \nPlease upgrade to FortiProxy version 7.0.12 or above \nPlease upgrade to FortiPAM version 1.1.1 or above \nPlease upgrade to FortiSASE version 22.4 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-45583", "datePublished": "2024-05-14T16:19:18.797Z", "dateReserved": "2023-10-09T08:01:29.296Z", "dateUpdated": "2024-08-02T20:21:16.756Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26092
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://fortiguard.com/psirt/FG-IR-20-199 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | Fortinet FortiOS, FortiProxy |
Version: FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:19:19.466Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-20-199" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-26092", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T20:19:50.615447Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T21:01:11.565Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Fortinet FortiOS, FortiProxy", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "FUNCTIONAL", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:F/RL:X/RC:X", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Execute unauthorized code or commands", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-24T02:45:57", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/psirt/FG-IR-20-199" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2021-26092", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiOS, FortiProxy", "version": { "version_data": [ { "version_value": "FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1" } ] } } ] }, "vendor_name": "Fortinet" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "None", "baseScore": 4.6, "baseSeverity": "Medium", "confidentialityImpact": "None", "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "userInteraction": "Required", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:F/RL:X/RC:X", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Execute unauthorized code or commands" } ] } ] }, "references": { "reference_data": [ { "name": "https://fortiguard.com/psirt/FG-IR-20-199", "refsource": "CONFIRM", "url": "https://fortiguard.com/psirt/FG-IR-20-199" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2021-26092", "datePublished": "2022-02-24T02:45:57", "dateReserved": "2021-01-25T00:00:00", "dateUpdated": "2024-10-22T21:01:11.565Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29178
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.2.0 ≤ 7.2.3 Version: 7.0.0 ≤ 7.0.9 Version: 2.0.0 ≤ 2.0.12 Version: 1.2.0 ≤ 1.2.13 Version: 1.1.0 ≤ 1.1.6 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.896Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-095", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-095" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-29178", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T20:17:55.847522Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T20:45:18.608Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.9", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.12", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.11", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.13", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.15", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.17", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "Denial of service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:41:48.959Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-095", "url": "https://fortiguard.com/psirt/FG-IR-23-095" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiProxy version 7.2.4 or above\r\nPlease upgrade to FortiProxy version 7.0.10 or above\r\nPlease upgrade to FortiOS version 7.2.5 or above\r\nPlease upgrade to FortiOS version 7.0.12 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-29178", "datePublished": "2023-06-13T08:41:48.959Z", "dateReserved": "2023-04-03T08:47:30.452Z", "dateUpdated": "2024-10-22T20:45:18.608Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-33305
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiWeb |
Version: 7.2.0 ≤ 7.2.1 Version: 7.0.0 ≤ 7.0.6 Version: 6.4.0 ≤ 6.4.3 Version: 6.3.0 ≤ 6.3.23 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:39:36.126Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-375", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-375" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-33305", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T20:17:54.739280Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T20:45:10.279Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiWeb", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.6", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.3", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.3.23", "status": "affected", "version": "6.3.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.13", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.15", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.17", "status": "affected", "version": "6.0.0", "versionType": "semver" }, { "lessThanOrEqual": "5.6.14", "status": "affected", "version": "5.6.0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.13", "status": "affected", "version": "5.4.0", "versionType": "semver" }, { "lessThanOrEqual": "5.2.15", "status": "affected", "version": "5.2.0", "versionType": "semver" }, { "lessThanOrEqual": "5.0.14", "status": "affected", "version": "5.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.9", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.12", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A loop with unreachable exit condition (\u0027infinite loop\u0027) in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:H/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "Denial of service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:41:49.501Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-375", "url": "https://fortiguard.com/psirt/FG-IR-22-375" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiPAM version 1.0.0 or above\r\nPlease upgrade to FortiWeb version 7.2.2 or above\r\nPlease upgrade to FortiWeb version 7.0.7 or above\r\nPlease upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.5 or above\r\nPlease upgrade to FortiOS version 7.0.11 or above\r\nPlease upgrade to FortiProxy version 7.2.4 or above\r\nPlease upgrade to FortiProxy version 7.0.10 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-33305", "datePublished": "2023-06-13T08:41:49.501Z", "dateReserved": "2023-05-22T07:58:22.197Z", "dateUpdated": "2024-10-22T20:45:10.279Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-45861
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.2.0 ≤ 7.2.3 Version: 7.0.0 ≤ 7.0.9 Version: 6.4.0 ≤ 6.4.11 Version: 6.2.0 ≤ 6.2.13 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:24:02.823Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-477", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-477" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-45861", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T20:18:22.883912Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T20:48:10.646Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.9", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.11", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.13", "status": "affected", "version": "6.2.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.7", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.11", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.5", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "Denial of service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-07T16:21:49.923Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-477", "url": "https://fortiguard.com/psirt/FG-IR-22-477" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.10 or above\r\nPlease upgrade to FortiOS version 6.4.12 or above\r\nPlease upgrade to FortiProxy version 7.2.2 or above\r\nPlease upgrade to FortiProxy version 7.0.8 or above\r\nPlease upgrade to FortiProxy version 2.0.12 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-45861", "datePublished": "2023-03-07T16:21:49.923Z", "dateReserved": "2022-11-23T14:57:05.613Z", "dateUpdated": "2024-10-22T20:48:10.646Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29183
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.2.0 ≤ 7.2.4 Version: 7.0.0 ≤ 7.0.10 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.995Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-106", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-106" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-29183", "options": [ { "Exploitation": "None" }, { "Automatable": "No" }, { "Technical Impact": "Total" } ], "role": "CISA Coordinator", "timestamp": "2023-11-15T16:35:37.397795Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T21:00:12.580Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.11", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.12", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.14", "status": "affected", "version": "6.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper neutralization of input during web page generation (\u0027Cross-site Scripting\u0027) vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-13T12:29:55.625Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-106", "url": "https://fortiguard.com/psirt/FG-IR-23-106" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiProxy version 7.2.5 or above Please upgrade to FortiProxy version 7.0.11 or above Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.5 or above Please upgrade to FortiOS version 7.0.12 or above Please upgrade to FortiOS version 6.4.13 or above Please upgrade to FortiOS version 6.2.15 or above " } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-29183", "datePublished": "2023-09-13T12:29:55.625Z", "dateReserved": "2023-04-03T08:47:30.452Z", "dateUpdated": "2024-10-22T21:00:12.580Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-13383
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://fortiguard.com/advisory/FG-IR-18-388 | x_refsource_CONFIRM | |
https://fortiguard.com/advisory/FG-IR-20-229 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | Fortinet FortiOS and FortiProxy |
Version: FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier, FortiProxy 2.0.0, 1.2.8 and earlier |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:00:35.101Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/advisory/FG-IR-18-388" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/advisory/FG-IR-20-229" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2018-13383", "options": [ { "Exploitation": "active" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T13:33:02.861324Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2022-01-10", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-13383" }, "type": "kev" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-23T13:33:26.711Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Fortinet FortiOS and FortiProxy", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier, FortiProxy 2.0.0, 1.2.8 and earlier" } ] } ], "datePublic": "2019-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-09T16:01:31", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/advisory/FG-IR-18-388" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/advisory/FG-IR-20-229" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2018-13383", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiOS and FortiProxy", "version": { "version_data": [ { "version_value": "FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier, FortiProxy 2.0.0, 1.2.8 and earlier" } ] } } ] }, "vendor_name": "Fortinet" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "Low", "baseScore": 4.2, "baseSeverity": "Medium", "confidentialityImpact": "None", "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://fortiguard.com/advisory/FG-IR-18-388", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-18-388" }, { "name": "https://fortiguard.com/advisory/FG-IR-20-229", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-20-229" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2018-13383", "datePublished": "2019-05-29T17:20:03", "dateReserved": "2018-07-06T00:00:00", "dateUpdated": "2024-10-23T13:33:26.711Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26015
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.4.0 ≤ 7.4.3 Version: 7.2.0 ≤ 7.2.10 Version: 7.0.0 ≤ 7.0.18 |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThan": "7.1.0", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThan": "7.3.0", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThan": "7.1.0", "status": "affected", "version": "7.0.0", "versionType": "custom" }, { "lessThan": "7.3.0", "status": "affected", "version": "7.2.0", "versionType": "custom" }, { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26015", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T16:00:34.064801Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T16:05:01.819Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:31.104Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-446", "tags": [ "x_transferred" ], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-446" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.10", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.18", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.8", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.15", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:F/RL:W/RC:R", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1389", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T15:33:30.260Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-446", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-446" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiProxy version 7.4.4 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.4 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-26015", "datePublished": "2024-07-09T15:33:30.260Z", "dateReserved": "2024-02-14T09:18:43.246Z", "dateUpdated": "2024-08-01T23:59:31.104Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27997
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS-6K7K |
Version: 7.0.10 Version: 7.0.5 Version: 6.4.12 Version: 6.4.10 Version: 6.4.8 Version: 6.4.6 Version: 6.4.2 Version: 6.2.9 ≤ 6.2.13 Version: 6.2.6 ≤ 6.2.7 Version: 6.2.4 Version: 6.0.12 ≤ 6.0.16 Version: 6.0.10 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.864Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-097", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-097" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-27997", "options": [ { "Exploitation": "active" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T13:18:08.089433Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2023-06-13", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-27997" }, "type": "kev" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T13:18:14.745Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS-6K7K", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.0.10" }, { "status": "affected", "version": "7.0.5" }, { "status": "affected", "version": "6.4.12" }, { "status": "affected", "version": "6.4.10" }, { "status": "affected", "version": "6.4.8" }, { "status": "affected", "version": "6.4.6" }, { "status": "affected", "version": "6.4.2" }, { "lessThanOrEqual": "6.2.13", "status": "affected", "version": "6.2.9", "versionType": "semver" }, { "lessThanOrEqual": "6.2.7", "status": "affected", "version": "6.2.6", "versionType": "semver" }, { "status": "affected", "version": "6.2.4" }, { "lessThanOrEqual": "6.0.16", "status": "affected", "version": "6.0.12", "versionType": "semver" }, { "status": "affected", "version": "6.0.10" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.9", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.12", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.11", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.12", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.13", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.16", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.2, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:R", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:41:47.415Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-097", "url": "https://fortiguard.com/psirt/FG-IR-23-097" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS-6K7K version 7.0.12 or above\r\nPlease upgrade to FortiOS-6K7K version 6.4.13 or above\r\nPlease upgrade to FortiOS-6K7K version 6.2.15 or above\r\nPlease upgrade to FortiOS-6K7K version 6.0.17 or above\r\nPlease upgrade to FortiProxy version 7.2.4 or above\r\nPlease upgrade to FortiProxy version 7.0.10 or above\r\nPlease upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.5 or above\r\nPlease upgrade to FortiOS version 7.0.12 or above\r\nPlease upgrade to FortiOS version 6.4.13 or above\r\nPlease upgrade to FortiOS version 6.2.14 or above\r\nPlease upgrade to FortiOS version 6.0.17 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-27997", "datePublished": "2023-06-13T08:41:47.415Z", "dateReserved": "2023-03-09T10:09:33.119Z", "dateUpdated": "2024-10-23T13:18:14.745Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-22128
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://fortiguard.com/advisory/FG-IR-20-235 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | Fortinet FortiProxy |
Version: FortiProxy 2.0.0, 1.2.9 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:30:24.008Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/advisory/FG-IR-20-235" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-22128", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T13:59:02.669973Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T13:59:55.356Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Fortinet FortiProxy", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiProxy 2.0.0, 1.2.9 and below" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Access Control", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-04T17:27:43", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/advisory/FG-IR-20-235" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2021-22128", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiProxy", "version": { "version_data": [ { "version_value": "FortiProxy 2.0.0, 1.2.9 and below" } ] } } ] }, "vendor_name": "Fortinet" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "High", "baseScore": 6.9, "baseSeverity": "Medium", "confidentialityImpact": "Low", "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://fortiguard.com/advisory/FG-IR-20-235", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-20-235" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2021-22128", "datePublished": "2021-03-04T17:27:43", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-10-25T13:59:55.356Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-23112
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.4.0 ≤ 7.4.1 Version: 7.2.0 ≤ 7.2.6 Version: 7.0.1 ≤ 7.0.13 Version: 6.4.7 ≤ 6.4.14 |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.6", "status": "affected", "version": "7.2.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.1", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "6.4.14", "status": "affected", "version": "6.4.7", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.8", "status": "affected", "version": "7.2.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.0.14", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-23112", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-16T04:00:42.744773Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-25T15:56:14.854Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:51:11.269Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-24-013", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-24-013" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.6", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.1", "versionType": "semver" }, { "lessThanOrEqual": "6.4.14", "status": "affected", "version": "6.4.7", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.8", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.14", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user\u2019s bookmark via URL manipulation." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-639", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-12T15:09:17.877Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-24-013", "url": "https://fortiguard.com/psirt/FG-IR-24-013" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.2 or above \nPlease upgrade to FortiOS version 7.2.7 or above \nPlease upgrade to FortiOS version 7.0.14 or above \nPlease upgrade to FortiOS version 6.4.15 or above \nPlease upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiProxy version 7.2.9 or above \nPlease upgrade to FortiProxy version 7.0.15 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-23112", "datePublished": "2024-03-12T15:09:17.877Z", "dateReserved": "2024-01-11T16:29:07.979Z", "dateUpdated": "2024-08-01T22:51:11.269Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36639
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.4.0 Version: 7.2.0 ≤ 7.2.4 Version: 7.0.0 ≤ 7.0.11 Version: 6.4.0 ≤ 6.4.12 Version: 6.2.0 ≤ 6.2.15 Version: 6.0.0 ≤ 6.0.17 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.282Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-138", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-138" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.4.0" }, { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.11", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.12", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.15", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.17", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiPAM", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "1.1.0" }, { "lessThanOrEqual": "1.0.3", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-134", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-13T06:42:44.194Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-138", "url": "https://fortiguard.com/psirt/FG-IR-23-138" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.1 or above \nPlease upgrade to FortiOS version 7.2.5 or above \nPlease upgrade to FortiOS version 7.0.12 or above \nPlease upgrade to FortiOS version 6.4.13 or above \nPlease upgrade to FortiOS version 6.2.16 or above \nPlease upgrade to FortiPAM version 1.2.0 or above \nPlease upgrade to FortiPAM version 1.1.1 or above \nPlease upgrade to FortiProxy version 7.4.0 or above \nPlease upgrade to FortiProxy version 7.2.5 or above \nPlease upgrade to FortiProxy version 7.0.11 or above \nPlease upgrade to FortiSASE version 23.3 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-36639", "datePublished": "2023-12-13T06:42:44.194Z", "dateReserved": "2023-06-25T18:03:39.227Z", "dateUpdated": "2024-08-02T16:52:54.282Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45586
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.4.0 ≤ 7.4.1 Version: 7.2.0 ≤ 7.2.7 Version: 7.0.0 ≤ 7.0.13 Version: 2.0.0 ≤ 2.0.14 |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThan": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "6.2.16", "status": "affected", "version": "6.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "2.0.14", "status": "affected", "version": "2.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-45586", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T18:40:45.753206Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T12:42:53.871Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T20:21:16.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-225", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-225" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.14", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.16", "status": "affected", "version": "6.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 \u0026 FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-345", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T16:19:09.998Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-225", "url": "https://fortiguard.com/psirt/FG-IR-23-225" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiProxy version 7.4.2 or above \nPlease upgrade to FortiProxy version 7.2.8 or above \nPlease upgrade to FortiProxy version 7.0.14 or above \nPlease upgrade to FortiOS version 7.4.2 or above \nPlease upgrade to FortiOS version 7.2.8 or above \nPlease upgrade to FortiOS version 7.0.13 or above \nPlease upgrade to FortiSASE version 23.4.a or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-45586", "datePublished": "2024-05-14T16:19:09.998Z", "dateReserved": "2023-10-09T08:01:29.296Z", "dateUpdated": "2024-08-02T20:21:16.569Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-21754
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.10 Version: 7.0.0 ≤ 7.0.17 Version: 2.0.0 ≤ 2.0.14 |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21754", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-11T16:13:02.843870Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-11T16:13:16.539Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:27:36.270Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-423", "tags": [ "x_transferred" ], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-423" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.10", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.17", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.14", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.8", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.15", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a\u00a0privileged attacker with super-admin profile and CLI access to decrypting the backup file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 1.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N/E:F/RL:X/RC:R", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-916", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-11T14:32:01.335Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-423", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-423" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiOS version 7.4.4 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-21754", "datePublished": "2024-06-11T14:32:01.335Z", "dateReserved": "2024-01-02T10:15:00.526Z", "dateUpdated": "2024-08-01T22:27:36.270Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22640
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.2.0 ≤ 7.2.3 Version: 7.0.0 ≤ 7.0.10 Version: 6.4.0 ≤ 6.4.11 Version: 6.2.0 ≤ 6.2.13 Version: 6.0.0 ≤ 6.0.16 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:13:49.407Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-475", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-475" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-22640", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T14:11:09.946619Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T14:28:13.885Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.11", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.13", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.16", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.7", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.12", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T21:26:29.469Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-475", "url": "https://fortiguard.com/psirt/FG-IR-22-475" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.11 or above\r\nPlease upgrade to FortiOS version 6.4.12 or above\r\nPlease upgrade to FortiOS version 6.2.14 or above\r\nPlease upgrade to FortiProxy version 7.2.2 or above\r\nPlease upgrade to FortiProxy version 7.0.8 or above\n\u00a0\nWorkaround:\n\u00a0\nDisable \"Host Check\", \"Restrict to Specific OS Versions\" and \"MAC address host checking\" in sslvpn portal configuration. For example for \"full-access\" sslvpn portal:\n\u00a0\nconfig vpn ssl web portal\r\nedit \"full-access\"\r\nset os-check disable\r\nset host-check none\r\nset mac-addr-check disable\r\nend" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-22640", "datePublished": "2023-05-03T21:26:29.469Z", "dateReserved": "2023-01-05T10:06:31.522Z", "dateUpdated": "2024-10-23T14:28:13.885Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29055
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | Fortinet FortiOS, FortiProxy |
Version: FortiOS 7.2.0, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.10, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0; FortiProxy 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 2.0.9, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0, 1.2.13, 1.2.12, 1.2.11, 1.2.10, 1.2.9, 1.2.8, 1.2.7, 1.2.6 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:10:59.155Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-086" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-29055", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T14:15:53.388887Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T13:29:37.823Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Fortinet FortiOS, FortiProxy", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiOS 7.2.0, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.10, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0; FortiProxy 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 2.0.9, 2.0.8, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0, 1.2.13, 1.2.12, 1.2.11, 1.2.10, 1.2.9, 1.2.8, 1.2.7, 1.2.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitCodeMaturity": "FUNCTIONAL", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "UNAVAILABLE", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:U/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-18T00:00:00", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-22-086" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-29055", "datePublished": "2022-10-10T00:00:00", "dateReserved": "2022-04-11T00:00:00", "dateUpdated": "2024-10-25T13:29:37.823Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26010
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiPAM |
Version: 1.2.0 Version: 1.1.0 ≤ 1.1.2 Version: 1.0.0 ≤ 1.0.3 |
||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortipam", "vendor": "fortinet", "versions": [ { "status": "affected", "version": "1.2.0" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortipam", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "1.1.2", "status": "affected", "version": "1.1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortipam", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "1.0.3", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.1:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiswitchmanager", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.0.3", "status": "affected", "version": "7.0.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiswitchmanager", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.0.14", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "6.2.16", "status": "affected", "version": "6.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "6.0.18", "status": "affected", "version": "6.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.9", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.0.15", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "2.0.13", "status": "affected", "version": "2.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:1.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:1.1.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:1.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26010", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-12T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T03:55:22.095Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:31.322Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-036", "tags": [ "x_transferred" ], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-036" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiPAM", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "1.2.0" }, { "lessThanOrEqual": "1.1.2", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.3", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiSwitchManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.3", "status": "affected", "version": "7.0.1", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.14", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.16", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.18", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.9", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.15", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.13", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specially crafted packets." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:W/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-11T14:32:03.697Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-036", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-036" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiPAM version 1.3.0 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiWeb version 7.6.0 or above \nPlease upgrade to FortiWeb version 7.4.3 or above \nPlease upgrade to FortiVoice version 7.0.2 or above \nPlease upgrade to FortiVoice version 6.4.9 or above \nPlease upgrade to FortiSwitchManager version 7.2.4 or above \nPlease upgrade to FortiSwitchManager version 7.0.4 or above \nPlease upgrade to FortiOS version 7.4.4 or above \nPlease upgrade to FortiOS version 7.2.8 or above \nPlease upgrade to FortiOS version 7.0.15 or above \nPlease upgrade to FortiProxy version 7.4.4 or above \nPlease upgrade to FortiProxy version 7.2.10 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-26010", "datePublished": "2024-06-11T14:32:03.697Z", "dateReserved": "2024-02-14T09:18:43.245Z", "dateUpdated": "2024-08-01T23:59:31.322Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43953
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.2.0 ≤ 7.2.1 Version: 7.0.0 ≤ 7.0.7 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:47:05.147Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-463", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-463" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-43953", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T14:10:58.474025Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T14:26:46.864Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.7", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.11", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.12", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.15", "status": "affected", "version": "6.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows attacker to execute unauthorized code or commands via specially crafted commands." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-134", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:41:43.764Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-463", "url": "https://fortiguard.com/psirt/FG-IR-22-463" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiProxy version 7.2.2 or above Please upgrade to FortiProxy version 7.0.8 or above Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.5 or above Please upgrade to FortiOS version 7.0.12 or above Please upgrade to FortiOS version 6.4.13 or above " } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-43953", "datePublished": "2023-06-13T08:41:43.764Z", "dateReserved": "2022-10-27T07:40:06.590Z", "dateUpdated": "2024-10-23T14:26:46.864Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29180
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.2.0 ≤ 7.2.4 Version: 7.0.0 ≤ 7.0.11 Version: 6.4.0 ≤ 6.4.12 Version: 6.2.0 ≤ 6.2.14 Version: 6.0.0 ≤ 6.0.16 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.879Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-111", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-111" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.11", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.12", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2..14", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.16", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.12", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-29180", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T19:10:11.418944Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T19:14:50.810Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.11", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.12", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.14", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.16", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.12", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to denial of service via specially crafted HTTP requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "Denial of service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-22T09:40:16.463Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-111", "url": "https://fortiguard.com/psirt/FG-IR-23-111" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.0 or above \nPlease upgrade to FortiOS version 7.2.5 or above \nPlease upgrade to FortiOS version 7.0.12 or above \nPlease upgrade to FortiOS version 6.4.13 or above \nPlease upgrade to FortiOS version 6.2.15 or above \nPlease upgrade to FortiOS version 6.0.17 or above \nPlease upgrade to FortiSASE version 22.4 or above \nPlease upgrade to FortiProxy version 7.2.4 or above \nPlease upgrade to FortiProxy version 7.0.11 or above \nPlease upgrade to FortiProxy version 2.0.13 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-29180", "datePublished": "2024-02-22T09:40:16.463Z", "dateReserved": "2023-04-03T08:47:30.452Z", "dateUpdated": "2024-08-14T19:14:50.810Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26103
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://fortiguard.com/advisory/FG-IR-20-158 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | Fortinet FortiOS |
Version: FortiOS 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:19:19.361Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/advisory/FG-IR-20-158" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-26103", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T13:57:43.763511Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T13:41:21.796Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Fortinet FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiOS 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0" } ] } ], "descriptions": [ { "lang": "en", "value": "An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "FUNCTIONAL", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 6.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:F/RL:X/RC:X", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Improper access control", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-08T12:01:12", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/advisory/FG-IR-20-158" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2021-26103", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiOS", "version": { "version_data": [ { "version_value": "FortiOS 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0" } ] } } ] }, "vendor_name": "Fortinet" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "Low", "baseScore": 6.2, "baseSeverity": "Medium", "confidentialityImpact": "Low", "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "Required", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:F/RL:X/RC:X", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper access control" } ] } ] }, "references": { "reference_data": [ { "name": "https://fortiguard.com/advisory/FG-IR-20-158", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-20-158" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2021-26103", "datePublished": "2021-12-08T12:01:12", "dateReserved": "2021-01-25T00:00:00", "dateUpdated": "2024-10-25T13:41:21.796Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36641
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.2.0 ≤ 7.2.4 Version: 7.0.0 ≤ 7.0.10 Version: 2.0.0 ≤ 2.0.13 Version: 1.2.0 ≤ 1.2.13 Version: 1.1.0 ≤ 1.1.6 Version: 1.0.0 ≤ 1.0.7 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.196Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-151", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-151" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-36641", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-30T18:21:33.734110Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-30T18:21:45.483Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.13", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.4.0" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.14", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.15", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.17", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5, FortiOS version 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions allows attacker to denial of service via specifically crafted HTTP requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-197", "description": "Denial of service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-14T18:05:00.645Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-151", "url": "https://fortiguard.com/psirt/FG-IR-23-151" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiSASE version 23.3.b or above \nPlease upgrade to FortiProxy version 7.2.5 or above \nPlease upgrade to FortiProxy version 7.0.11 or above \nPlease upgrade to FortiOS version 7.4.1 or above \nPlease upgrade to FortiOS version 7.2.6 or above \nPlease upgrade to FortiOS version 7.0.13 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-36641", "datePublished": "2023-11-14T18:05:00.645Z", "dateReserved": "2023-06-25T18:03:39.228Z", "dateUpdated": "2024-08-30T18:21:45.483Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40680
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.0.0 ≤ 7.0.1 Version: 2.0.0 ≤ 2.0.11 Version: 1.2.0 ≤ 1.2.13 Version: 1.1.0 ≤ 1.1.6 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:21:46.588Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-21-248", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-21-248" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-40680", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T20:18:53.836074Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T20:51:47.554Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.0.1", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.11", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.0.3", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.9", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.12", "status": "affected", "version": "6.2.2", "versionType": "semver" }, { "lessThanOrEqual": "6.0.15", "status": "affected", "version": "6.0.7", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-06T16:00:38.136Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-21-248", "url": "https://fortiguard.com/psirt/FG-IR-21-248" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.2.2\r\nPlease upgrade to FortiOS version 7.0.7\r\nPlease upgrade to FortiOS version 6.4.10 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-40680", "datePublished": "2022-12-06T16:00:38.136Z", "dateReserved": "2022-09-14T13:17:43.617Z", "dateUpdated": "2024-10-22T20:51:47.554Z", "requesterUserId": "a0475cc0-be89-4a25-97b3-d1b8023a8677", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26011
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiManager |
Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.4 Version: 7.0.0 ≤ 7.0.11 Version: 6.4.0 ≤ 6.4.14 cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:* |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26011", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T18:44:31.679521Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T18:44:42.785Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.11", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.14", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] }, { "cpes": [], "defaultStatus": "unaffected", "product": "FortiSwitchManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.3", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiPAM", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "1.2.0" }, { "lessThanOrEqual": "1.1.2", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.3", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] }, { "cpes": [], "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.9", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.19", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.14", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] }, { "cpes": [], "defaultStatus": "unaffected", "product": "FortiPortal", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "6.0.14", "status": "affected", "version": "6.0.0", "versionType": "semver" }, { "lessThanOrEqual": "5.3.8", "status": "affected", "version": "5.3.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.14", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.16", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.18", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted packets." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-12T18:53:56.665Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-032", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-032" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.5 or above \nPlease upgrade to FortiManager version 7.0.12 or above \nPlease upgrade to FortiManager version 6.4.15 or above \nPlease upgrade to FortiVoice version 7.0.2 or above \nPlease upgrade to FortiVoice version 6.4.9 or above \nPlease upgrade to FortiSwitchManager version 7.2.4 or above \nPlease upgrade to FortiSwitchManager version 7.0.4 or above \nPlease upgrade to FortiWeb version 7.6.0 or above \nPlease upgrade to FortiWeb version 7.4.3 or above \nPlease upgrade to FortiPAM version 1.3.0 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiProxy version 7.4.4 or above \nPlease upgrade to FortiProxy version 7.2.10 or above \nPlease upgrade to FortiPortal version 6.0.15 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.4 or above \nPlease upgrade to FortiOS version 7.2.8 or above \nPlease upgrade to FortiOS version 7.0.15 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-26011", "datePublished": "2024-11-12T18:53:56.665Z", "dateReserved": "2024-02-14T09:18:43.245Z", "dateUpdated": "2024-11-13T18:44:42.785Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41675
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.2.0 ≤ 7.2.4 Version: 7.0.0 ≤ 7.0.10 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:01:35.454Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-184", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-184" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "custom" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.2", "status": "affected", "version": "7.2.0", "versionType": "custom" }, { "lessThanOrEqual": "7.0.8", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-41675", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-18T20:02:08.865165Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-18T20:04:30.066Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.2", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.8", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-10T16:49:55.789Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-184", "url": "https://fortiguard.com/psirt/FG-IR-23-184" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.5 or above\r\nPlease upgrade to FortiOS version 7.0.11 or above\r\nPlease upgrade to FortiProxy version 7.2.3 or above\r\nPlease upgrade to FortiProxy version 7.0.9 or above\nFortiSASE is no longer impacted, issue remediated Q2/23" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-41675", "datePublished": "2023-10-10T16:49:55.789Z", "dateReserved": "2023-08-30T13:42:39.547Z", "dateUpdated": "2024-09-18T20:04:30.066Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42476
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.2.0 ≤ 7.2.3 Version: 7.0.0 ≤ 7.0.8 Version: 6.4.0 ≤ 6.4.11 Version: 6.2.0 ≤ 6.2.12 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:40.836Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-401", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-401" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-42476", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T14:11:27.802267Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T14:31:15.323Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.8", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.11", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.12", "status": "affected", "version": "6.2.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.7", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.11", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-23", "description": "Escalation of privilege", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-07T16:21:53.725Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-401", "url": "https://fortiguard.com/psirt/FG-IR-22-401" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiProxy version 7.2.2 or above\r\nPlease upgrade to FortiProxy version 7.0.8 or above\r\nPlease upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.9 or above\r\nPlease upgrade to FortiOS version 6.4.12 or above\r\nPlease upgrade to FortiOS version 6.2.13 or above\n\u00a0" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-42476", "datePublished": "2023-03-07T16:21:53.725Z", "dateReserved": "2022-10-07T14:05:36.301Z", "dateUpdated": "2024-10-23T14:31:15.323Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-33510
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.4.0 ≤ 7.4.3 Version: 7.2.0 ≤ 7.2.8 Version: 7.0.0 ≤ 7.0.16 cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-33510", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T18:45:31.685889Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T18:45:40.158Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.8", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.16", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "cpes": [], "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.9", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.16", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An\u00a0improper neutralization of special elements in output used by a downstream component (\u0027Injection\u0027) vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:R", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-358", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-12T18:53:45.839Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-033", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-033" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiProxy version 7.4.4 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-33510", "datePublished": "2024-11-12T18:53:45.839Z", "dateReserved": "2024-04-23T14:18:29.831Z", "dateUpdated": "2024-11-13T18:45:40.158Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-35843
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.2.0 Version: 7.0.0 ≤ 7.0.6 Version: 6.4.0 ≤ 6.4.9 Version: 6.2.0 ≤ 6.2.12 Version: 6.0.0 ≤ 6.0.15 Version: 6.2.0 ≤ Version: 6.0.0 ≤ |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:44:22.078Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-255", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-255" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-35843", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T14:12:06.335689Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T14:51:54.623Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.2.0" }, { "lessThanOrEqual": "7.0.6", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.9", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.12", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.15", "status": "affected", "version": "6.0.0", "versionType": "semver" }, { "lessThan": "6.2.*", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThan": "6.0.*", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.0.5", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.10", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-06T16:00:33.269Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-255", "url": "https://fortiguard.com/psirt/FG-IR-22-255" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.2.2 or above\r\nPlease upgrade to FortiOS version 7.0.8 or above\r\nPlease upgrade to FortiOS version 6.4.10 or above\n\r\nPlease upgrade to FortiProxy version 7.0.7 or above\r\nPlease upgrade to FortiProxy version 2.0.11 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-35843", "datePublished": "2022-12-06T16:00:33.269Z", "dateReserved": "2022-07-13T20:38:49.332Z", "dateUpdated": "2024-10-23T14:51:54.623Z", "requesterUserId": "a0475cc0-be89-4a25-97b3-d1b8023a8677", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41335
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiSwitchManager |
Version: 7.2.0 Version: 7.0.0 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:46.229Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-391", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-391" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41335", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T14:12:00.557237Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T14:50:43.903Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiSwitchManager", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.2.0" }, { "status": "affected", "version": "7.0.0" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.2", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.8", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.11", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.12", "status": "affected", "version": "6.2.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.7", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.11", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThan": "1.2.*", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThan": "1.1.*", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThan": "1.0.*", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A relative path traversal vulnerability\u00a0[CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-23", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-16T18:05:14.761Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-391", "url": "https://fortiguard.com/psirt/FG-IR-22-391" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.2.3 or above\r\nPlease upgrade to FortiOS version 7.0.9 or above\r\nPlease upgrade to FortiOS version 6.4.11 or above\r\nPlease upgrade to FortiOS version 6.2.13 or above\r\nPlease upgrade to FortiProxy version 7.2.2 or above\r\nPlease upgrade to FortiProxy version 7.0.8 or above\r\nPlease upgrade to FortiProxy version 2.0.11 or above\r\nPlease upgrade to FortiSwitchManager version 7.2.1 or above\r\nPlease upgrade to FortiSwitchManager version 7.0.1 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-41335", "datePublished": "2023-02-16T18:05:14.761Z", "dateReserved": "2022-09-23T15:07:35.783Z", "dateUpdated": "2024-10-23T14:50:43.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-13382
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://fortiguard.com/advisory/FG-IR-18-389 | x_refsource_CONFIRM | |
https://www.fortiguard.com/psirt/FG-IR-20-231 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | Fortinet FortiOS, FortiProxy |
Version: FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8, 5.4.1 to 5.4.10, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:00:35.087Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/advisory/FG-IR-18-389" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.fortiguard.com/psirt/FG-IR-20-231" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2018-13382", "options": [ { "Exploitation": "active" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T13:31:11.882776Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2022-01-10", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-13382" }, "type": "kev" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-23T13:31:37.705Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Fortinet FortiOS, FortiProxy", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8, 5.4.1 to 5.4.10, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7" } ] } ], "datePublic": "2019-05-24T00:00:00", "descriptions": [ { "lang": "en", "value": "An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Access Control", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-03T10:28:48", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/advisory/FG-IR-18-389" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.fortiguard.com/psirt/FG-IR-20-231" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2018-13382", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiOS, FortiProxy", "version": { "version_data": [ { "version_value": "FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8, 5.4.1 to 5.4.10, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7" } ] } } ] }, "vendor_name": "Fortinet" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests" } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "None", "baseScore": 8.9, "baseSeverity": "High", "confidentialityImpact": "High", "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://fortiguard.com/advisory/FG-IR-18-389", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-18-389" }, { "name": "https://www.fortiguard.com/psirt/FG-IR-20-231", "refsource": "CONFIRM", "url": "https://www.fortiguard.com/psirt/FG-IR-20-231" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2018-13382", "datePublished": "2019-06-04T20:33:53", "dateReserved": "2018-07-06T00:00:00", "dateUpdated": "2024-10-23T13:31:37.705Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22299
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://fortiguard.com/psirt/FG-IR-21-235 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | Fortinet FortiADC, FortiProxy, FortiMail, FortiOS |
Version: FortiADC 6.2.1, 6.2.0, 6.1.6, 6.1.5, 6.1.4, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0; FortiProxy 7.0.1, 7.0.0, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0, 1.2.13, 1.2.12, 1.2.11, 1.2.10, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0, 1.0.7, 1.0.6, 1.0.5, 1.0.4, 1.0.3, 1.0.2, 1.0.1, 1.0.0; FortiMail 7.0.2, 7.0.1, 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0; FortiOS 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.10, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.2.15, 5.2.14, 5.2.13, 5.2.12, 5.2.11, 5.2.10, ...[truncated*] |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:07:50.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-21-235" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-22299", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T14:12:25.586581Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T13:30:31.683Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Fortinet FortiADC, FortiProxy, FortiMail, FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiADC 6.2.1, 6.2.0, 6.1.6, 6.1.5, 6.1.4, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0; FortiProxy 7.0.1, 7.0.0, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0, 1.2.13, 1.2.12, 1.2.11, 1.2.10, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0, 1.0.7, 1.0.6, 1.0.5, 1.0.4, 1.0.3, 1.0.2, 1.0.1, 1.0.0; FortiMail 7.0.2, 7.0.1, 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0; FortiOS 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.10, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.2.15, 5.2.14, 5.2.13, 5.2.12, 5.2.11, 5.2.10, ...[truncated*]" } ] } ], "descriptions": [ { "lang": "en", "value": "A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "UNAVAILABLE", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.4, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Execute unauthorized code or commands", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-05T15:23:52", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/psirt/FG-IR-21-235" } ], "x_ConverterErrors": { "version_name": { "error": "version_name too long. Use array of versions to record more than one version.", "message": "Truncated!" } }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2022-22299", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiADC, FortiProxy, FortiMail, FortiOS", "version": { "version_data": [ { "version_value": "FortiADC 6.2.1, 6.2.0, 6.1.6, 6.1.5, 6.1.4, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0; FortiProxy 7.0.1, 7.0.0, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0, 1.2.13, 1.2.12, 1.2.11, 1.2.10, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.6, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0, 1.0.7, 1.0.6, 1.0.5, 1.0.4, 1.0.3, 1.0.2, 1.0.1, 1.0.0; FortiMail 7.0.2, 7.0.1, 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0; FortiOS 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.10, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.2.15, 5.2.14, 5.2.13, 5.2.12, 5.2.11, 5.2.10, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.0.14, 5.0.13, 5.0.12, 5.0.11, 5.0.10, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0.0" } ] } } ] }, "vendor_name": "Fortinet" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Local", "availabilityImpact": "High", "baseScore": 7.4, "baseSeverity": "High", "confidentialityImpact": "High", "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Execute unauthorized code or commands" } ] } ] }, "references": { "reference_data": [ { "name": "https://fortiguard.com/psirt/FG-IR-21-235", "refsource": "CONFIRM", "url": "https://fortiguard.com/psirt/FG-IR-21-235" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-22299", "datePublished": "2022-08-05T15:23:52", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-10-25T13:30:31.683Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44170
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://fortiguard.com/psirt/FG-IR-21-179 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | Fortinet FortiProxy, FortiOS |
Version: FortiOS before 7.0.4; FortiProxy before 2.0.8 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:17:24.928Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-21-179" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-44170", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T14:12:34.314692Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T13:31:34.279Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Fortinet FortiProxy, FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiOS before 7.0.4; FortiProxy before 2.0.8" } ] } ], "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "remediationLevel": "UNAVAILABLE", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.3, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Execute unauthorized code or commands", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-18T16:35:11", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/psirt/FG-IR-21-179" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2021-44170", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiProxy, FortiOS", "version": { "version_data": [ { "version_value": "FortiOS before 7.0.4; FortiProxy before 2.0.8" } ] } } ] }, "vendor_name": "Fortinet" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Local", "availabilityImpact": "High", "baseScore": 6.3, "baseSeverity": "Medium", "confidentialityImpact": "High", "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Execute unauthorized code or commands" } ] } ] }, "references": { "reference_data": [ { "name": "https://fortiguard.com/psirt/FG-IR-21-179", "refsource": "CONFIRM", "url": "https://fortiguard.com/psirt/FG-IR-21-179" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2021-44170", "datePublished": "2022-07-18T16:35:11", "dateReserved": "2021-11-23T00:00:00", "dateUpdated": "2024-10-25T13:31:34.279Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43947
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.2.0 ≤ 7.2.3 Version: 7.0.0 ≤ 7.0.10 Version: 6.4.0 ≤ 6.4.12 Version: 6.2.0 ≤ 6.2.13 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:40:06.579Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-444", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-22-444" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-43947", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T20:18:15.478464Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T20:47:20.788Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.12", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.13", "status": "affected", "version": "6.2.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.7", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.12", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An\u00a0improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-307", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-11T16:07:03.597Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-22-444", "url": "https://fortiguard.com/psirt/FG-IR-22-444" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiProxy version 7.2.2 or above Please upgrade to FortiProxy version 7.0.8 or above Please upgrade to FortiOS version 7.2.4 or above Please upgrade to FortiOS version 7.0.11 or above Please upgrade to FortiOS version 6.4.13 or above " } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-43947", "datePublished": "2023-04-11T16:07:03.597Z", "dateReserved": "2022-10-27T07:40:06.589Z", "dateUpdated": "2024-10-22T20:47:20.788Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-41024
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://fortiguard.com/advisory/FG-IR-21-181 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Fortinet | Fortinet FortiOS |
Version: FortiOS 7.0.1, 7.0.0 FortiProxy 7.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:59:31.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/advisory/FG-IR-21-181" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-41024", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T14:16:07.290505Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T13:41:11.256Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Fortinet FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "FortiOS 7.0.1, 7.0.0 FortiProxy 7.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "FUNCTIONAL", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:X/RC:X", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Escalation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-08T12:11:04", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/advisory/FG-IR-21-181" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2021-41024", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiOS", "version": { "version_data": [ { "version_value": "FortiOS 7.0.1, 7.0.0 FortiProxy 7.0.0" } ] } } ] }, "vendor_name": "Fortinet" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "None", "baseScore": 7.3, "baseSeverity": "High", "confidentialityImpact": "High", "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:X/RC:X", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Escalation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://fortiguard.com/advisory/FG-IR-21-181", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-21-181" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2021-41024", "datePublished": "2021-12-08T12:11:04", "dateReserved": "2021-09-13T00:00:00", "dateUpdated": "2024-10-25T13:41:11.256Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-202210-0198
Vulnerability from variot
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. fortinet's FortiProxy , FortiSwitch Manager , FortiOS There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Fortinet FortiOS has security flaws. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202210-0198", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.2.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.2.0" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.7" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.2.2" }, { "model": "fortiswitchmanager", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.2.0" }, { "model": "fortiswitchmanager", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.7" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.2.0 that\u0027s all 7.2.2" }, { "model": "fortiswitch manager", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.0.0 that\u0027s all 7.0.7" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-019256" }, { "db": "NVD", "id": "CVE-2022-40684" } ] }, "cve": "CVE-2022-40684", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-40684", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-40684", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-40684", "trust": 1.0, "value": "CRITICAL" }, { "author": "psirt@fortinet.com", "id": "CVE-2022-40684", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2022-40684", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-202210-347", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-019256" }, { "db": "CNNVD", "id": "CNNVD-202210-347" }, { "db": "NVD", "id": "CVE-2022-40684" }, { "db": "NVD", "id": "CVE-2022-40684" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. fortinet\u0027s FortiProxy , FortiSwitch Manager , FortiOS There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Fortinet FortiOS has security flaws. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements", "sources": [ { "db": "NVD", "id": "CVE-2022-40684" }, { "db": "JVNDB", "id": "JVNDB-2022-019256" }, { "db": "VULHUB", "id": "VHN-429172" } ], "trust": 1.71 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-429172", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-429172" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-40684", "trust": 3.3 }, { "db": "PACKETSTORM", "id": "169431", "trust": 2.5 }, { "db": "PACKETSTORM", "id": "171515", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2022-019256", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202210-347", "trust": 0.7 }, { "db": "EXPLOIT-DB", "id": "51092", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-429172", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-429172" }, { "db": "JVNDB", "id": "JVNDB-2022-019256" }, { "db": "CNNVD", "id": "CNNVD-202210-347" }, { "db": "NVD", "id": "CVE-2022-40684" } ] }, "id": "VAR-202210-0198", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-429172" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T14:30:57.935000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-22-377", "trust": 0.8, "url": "https://fortiguard.com/psirt/FG-IR-22-377" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-019256" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-287", "trust": 1.0 }, { "problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-306", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-429172" }, { "db": "JVNDB", "id": "JVNDB-2022-019256" }, { "db": "NVD", "id": "CVE-2022-40684" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "http://packetstormsecurity.com/files/169431/fortinet-fortios-fortiproxy-fortiswitchmanager-authentication-bypass.html" }, { "trust": 2.4, "url": "http://packetstormsecurity.com/files/171515/fortinet-7.2.1-authentication-bypass.html" }, { "trust": 1.7, "url": "https://fortiguard.com/psirt/fg-ir-22-377" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40684" }, { "trust": 0.8, "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortios-privilege-escalation-39490" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-40684/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortinet-fortios-privilege-escalation-via-http-https-administrative-interface-39490" }, { "trust": 0.6, "url": "https://www.exploit-db.com/exploits/51092" } ], "sources": [ { "db": "VULHUB", "id": "VHN-429172" }, { "db": "JVNDB", "id": "JVNDB-2022-019256" }, { "db": "CNNVD", "id": "CNNVD-202210-347" }, { "db": "NVD", "id": "CVE-2022-40684" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-429172" }, { "db": "JVNDB", "id": "JVNDB-2022-019256" }, { "db": "CNNVD", "id": "CNNVD-202210-347" }, { "db": "NVD", "id": "CVE-2022-40684" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-10-18T00:00:00", "db": "VULHUB", "id": "VHN-429172" }, { "date": "2023-10-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-019256" }, { "date": "2022-10-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202210-347" }, { "date": "2022-10-18T14:15:09.747000", "db": "NVD", "id": "CVE-2022-40684" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-10-20T00:00:00", "db": "VULHUB", "id": "VHN-429172" }, { "date": "2023-10-25T02:51:00", "db": "JVNDB", "id": "JVNDB-2022-019256" }, { "date": "2023-03-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202210-347" }, { "date": "2024-06-28T13:57:03.760000", "db": "NVD", "id": "CVE-2022-40684" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202210-347" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Authentication vulnerabilities in multiple Fortinet products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-019256" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "access control error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202210-347" } ], "trust": 0.6 } }
var-202212-0808
Vulnerability from variot
An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server. fortinet's FortiProxy and FortiOS There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-0808", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.13" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.12" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.2.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.9" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.7" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.6" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.15" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.2.1" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.10" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortios", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023337" }, { "db": "NVD", "id": "CVE-2022-35843" } ] }, "cve": "CVE-2022-35843", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-35843", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "psirt@fortinet.com", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "id": "CVE-2022-35843", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-35843", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-35843", "trust": 1.0, "value": "CRITICAL" }, { "author": "psirt@fortinet.com", "id": "CVE-2022-35843", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-35843", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-202212-2590", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023337" }, { "db": "CNNVD", "id": "CNNVD-202212-2590" }, { "db": "NVD", "id": "CVE-2022-35843" }, { "db": "NVD", "id": "CVE-2022-35843" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server. fortinet\u0027s FortiProxy and FortiOS There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-35843" }, { "db": "JVNDB", "id": "JVNDB-2022-023337" }, { "db": "VULHUB", "id": "VHN-432094" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-35843", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2022-023337", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202212-2590", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-432094", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-432094" }, { "db": "JVNDB", "id": "JVNDB-2022-023337" }, { "db": "CNNVD", "id": "CNNVD-202212-2590" }, { "db": "NVD", "id": "CVE-2022-35843" } ] }, "id": "VAR-202212-0808", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-432094" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:52:53.527000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-22-255", "trust": 0.8, "url": "https://www.fortiguard.com/psirt/FG-IR-22-255" }, { "title": "Fortinet FortiOS Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=216881" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023337" }, { "db": "CNNVD", "id": "CNNVD-202212-2590" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-284", "trust": 1.0 }, { "problemtype": "CWE-287", "trust": 1.0 }, { "problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023337" }, { "db": "NVD", "id": "CVE-2022-35843" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://fortiguard.com/psirt/fg-ir-22-255" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35843" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortinet-fortios-user-access-via-radius-ssh-authentication-40036" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-35843/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-432094" }, { "db": "JVNDB", "id": "JVNDB-2022-023337" }, { "db": "CNNVD", "id": "CNNVD-202212-2590" }, { "db": "NVD", "id": "CVE-2022-35843" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-432094" }, { "db": "JVNDB", "id": "JVNDB-2022-023337" }, { "db": "CNNVD", "id": "CNNVD-202212-2590" }, { "db": "NVD", "id": "CVE-2022-35843" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-06T00:00:00", "db": "VULHUB", "id": "VHN-432094" }, { "date": "2023-11-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-023337" }, { "date": "2022-12-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-2590" }, { "date": "2022-12-06T17:15:10.873000", "db": "NVD", "id": "CVE-2022-35843" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-08T00:00:00", "db": "VULHUB", "id": "VHN-432094" }, { "date": "2023-11-28T06:20:00", "db": "JVNDB", "id": "JVNDB-2022-023337" }, { "date": "2022-12-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-2590" }, { "date": "2023-11-07T03:49:25.277000", "db": "NVD", "id": "CVE-2022-35843" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-2590" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "fortinet\u0027s \u00a0FortiProxy\u00a0 and \u00a0FortiOS\u00a0 Authentication vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023337" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-2590" } ], "trust": 0.6 } }
var-202205-0509
Vulnerability from variot
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests. FortiOS and FortiProxy Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Fortinet FortiProxy SSL VPN is an application software of the United States (Fortinet) company. An intrusion detection function is provided. Fortinet FortiProxy SSL VPN has a cross-site scripting vulnerability, which results from insufficient sanitization of user-supplied data, allowing remote attackers to steal potentially sensitive information, change the appearance of web pages, and perform phishing and drive-by download attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0509", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.2" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.14" }, { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "2.0.8" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.4" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.10" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.4.9" }, { "model": "fortios", "scope": "lte", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.4.8 and earlier" }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortios", "scope": "lte", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.0.3 and earlier" }, { "model": "fortios", "scope": "lte", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.2.10 and earlier" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.0.0 to 6.0.14" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-011202" }, { "db": "NVD", "id": "CVE-2021-43081" } ] }, "cve": "CVE-2021-43081", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2021-43081", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-404131", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2021-43081", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "None", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "JVNDB-2022-011202", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-43081", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@fortinet.com", "id": "CVE-2021-43081", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2021-43081", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202205-1938", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-404131", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-43081", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-404131" }, { "db": "VULMON", "id": "CVE-2021-43081" }, { "db": "JVNDB", "id": "JVNDB-2022-011202" }, { "db": "CNNVD", "id": "CNNVD-202205-1938" }, { "db": "NVD", "id": "CVE-2021-43081" }, { "db": "NVD", "id": "CVE-2021-43081" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests. FortiOS and FortiProxy Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Fortinet FortiProxy SSL VPN is an application software of the United States (Fortinet) company. An intrusion detection function is provided. Fortinet FortiProxy SSL VPN has a cross-site scripting vulnerability, which results from insufficient sanitization of user-supplied data, allowing remote attackers to steal potentially sensitive information, change the appearance of web pages, and perform phishing and drive-by download attacks", "sources": [ { "db": "NVD", "id": "CVE-2021-43081" }, { "db": "JVNDB", "id": "JVNDB-2022-011202" }, { "db": "VULHUB", "id": "VHN-404131" }, { "db": "VULMON", "id": "CVE-2021-43081" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-43081", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2022-011202", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2022050317", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202205-1938", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2022-50948", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-404131", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-43081", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-404131" }, { "db": "VULMON", "id": "CVE-2021-43081" }, { "db": "JVNDB", "id": "JVNDB-2022-011202" }, { "db": "CNNVD", "id": "CNNVD-202205-1938" }, { "db": "NVD", "id": "CVE-2021-43081" } ] }, "id": "VAR-202205-0509", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-404131" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:47:22.997000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-21-230", "trust": 0.8, "url": "https://www.fortiguard.com/psirt/FG-IR-21-230" }, { "title": "Fortinet FortiProxy SSL VPN Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=191268" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-011202" }, { "db": "CNNVD", "id": "CNNVD-202205-1938" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.1 }, { "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-404131" }, { "db": "JVNDB", "id": "JVNDB-2022-011202" }, { "db": "NVD", "id": "CVE-2021-43081" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://fortiguard.com/psirt/fg-ir-21-230" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43081" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022050317" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortios-cross-site-scripting-via-web-filter-block-override-form-38208" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2021-43081/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/79.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-404131" }, { "db": "VULMON", "id": "CVE-2021-43081" }, { "db": "JVNDB", "id": "JVNDB-2022-011202" }, { "db": "CNNVD", "id": "CNNVD-202205-1938" }, { "db": "NVD", "id": "CVE-2021-43081" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-404131" }, { "db": "VULMON", "id": "CVE-2021-43081" }, { "db": "JVNDB", "id": "JVNDB-2022-011202" }, { "db": "CNNVD", "id": "CNNVD-202205-1938" }, { "db": "NVD", "id": "CVE-2021-43081" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-11T00:00:00", "db": "VULHUB", "id": "VHN-404131" }, { "date": "2022-05-11T00:00:00", "db": "VULMON", "id": "CVE-2021-43081" }, { "date": "2023-08-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-011202" }, { "date": "2022-05-03T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-1938" }, { "date": "2022-05-11T15:15:08.603000", "db": "NVD", "id": "CVE-2021-43081" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-19T00:00:00", "db": "VULHUB", "id": "VHN-404131" }, { "date": "2022-05-19T00:00:00", "db": "VULMON", "id": "CVE-2021-43081" }, { "date": "2023-08-21T04:42:00", "db": "JVNDB", "id": "JVNDB-2022-011202" }, { "date": "2022-05-20T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-1938" }, { "date": "2024-11-21T06:28:39.330000", "db": "NVD", "id": "CVE-2021-43081" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-1938" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FortiOS\u00a0 and \u00a0FortiProxy\u00a0 Cross-site scripting vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-011202" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-1938" } ], "trust": 0.6 } }
var-202010-1344
Vulnerability from variot
A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command. FortiOS and FortiProxy Contains a vulnerability in the plaintext storage of important information.Information may be obtained. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. There is a security vulnerability in FortiOS 6.2.4 and earlier versions
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1344", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.0.12" }, { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "1.2.10" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.2.5" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortios", "scope": "lte", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.2.4 and earlier" }, { "model": "fortios", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-012605" }, { "db": "NVD", "id": "CVE-2020-6648" } ] }, "cve": "CVE-2020-6648", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2020-6648", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-184773", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-6648", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@fortinet.com", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "id": "CVE-2020-6648", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-6648", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-6648", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@fortinet.com", "id": "CVE-2020-6648", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2020-6648", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202010-1124", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-184773", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-6648", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-184773" }, { "db": "VULMON", "id": "CVE-2020-6648" }, { "db": "JVNDB", "id": "JVNDB-2020-012605" }, { "db": "CNNVD", "id": "CNNVD-202010-1124" }, { "db": "NVD", "id": "CVE-2020-6648" }, { "db": "NVD", "id": "CVE-2020-6648" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \"diag sys ha checksum show\" command. FortiOS and FortiProxy Contains a vulnerability in the plaintext storage of important information.Information may be obtained. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. There is a security vulnerability in FortiOS 6.2.4 and earlier versions", "sources": [ { "db": "NVD", "id": "CVE-2020-6648" }, { "db": "JVNDB", "id": "JVNDB-2020-012605" }, { "db": "VULHUB", "id": "VHN-184773" }, { "db": "VULMON", "id": "CVE-2020-6648" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-6648", "trust": 2.6 }, { "db": "JVNDB", "id": "JVNDB-2020-012605", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202010-1124", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.0775", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3787", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2020-62939", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-184773", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-6648", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-184773" }, { "db": "VULMON", "id": "CVE-2020-6648" }, { "db": "JVNDB", "id": "JVNDB-2020-012605" }, { "db": "CNNVD", "id": "CNNVD-202010-1124" }, { "db": "NVD", "id": "CVE-2020-6648" } ] }, "id": "VAR-202010-1344", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-184773" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T21:51:14.727000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-20-236 FortiGuard\u00a0PSIRT\u00a0Advisory", "trust": 0.8, "url": "https://www.fortiguard.com/psirt/FG-IR-20-236" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-012605" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-312", "trust": 1.1 }, { "problemtype": "Plaintext storage of important information (CWE-312) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-184773" }, { "db": "JVNDB", "id": "JVNDB-2020-012605" }, { "db": "NVD", "id": "CVE-2020-6648" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://www.fortiguard.com/psirt/fg-ir-20-009" }, { "trust": 1.7, "url": "https://www.fortiguard.com/psirt/fg-ir-20-236" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6648" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3787/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortios-information-disclosure-via-diag-sys-ha-checksum-show-33699" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0775" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/312.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-184773" }, { "db": "VULMON", "id": "CVE-2020-6648" }, { "db": "JVNDB", "id": "JVNDB-2020-012605" }, { "db": "CNNVD", "id": "CNNVD-202010-1124" }, { "db": "NVD", "id": "CVE-2020-6648" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-184773" }, { "db": "VULMON", "id": "CVE-2020-6648" }, { "db": "JVNDB", "id": "JVNDB-2020-012605" }, { "db": "CNNVD", "id": "CNNVD-202010-1124" }, { "db": "NVD", "id": "CVE-2020-6648" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-21T00:00:00", "db": "VULHUB", "id": "VHN-184773" }, { "date": "2020-10-21T00:00:00", "db": "VULMON", "id": "CVE-2020-6648" }, { "date": "2021-05-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-012605" }, { "date": "2020-10-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202010-1124" }, { "date": "2020-10-21T14:15:20.387000", "db": "NVD", "id": "CVE-2020-6648" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-15T00:00:00", "db": "VULHUB", "id": "VHN-184773" }, { "date": "2021-03-11T00:00:00", "db": "VULMON", "id": "CVE-2020-6648" }, { "date": "2021-05-14T08:26:00", "db": "JVNDB", "id": "JVNDB-2020-012605" }, { "date": "2021-03-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202010-1124" }, { "date": "2024-11-21T05:36:05.557000", "db": "NVD", "id": "CVE-2020-6648" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202010-1124" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FortiOS\u00a0 and \u00a0FortiProxy\u00a0 Vulnerability of important information in plaintext", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-012605" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202010-1124" } ], "trust": 0.6 } }
var-202302-1415
Vulnerability from variot
A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it. fortinet's FortiProxy and FortiOS Exists in unspecified vulnerabilities.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1415", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.1.6" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.11" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.2.1" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.1.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.12" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.13" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.16" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.2.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.2.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.0" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.8" }, { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.8" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.11" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.4.0 to 6.4.11" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.0.0 that\u0027s all 7.0.8" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.2.0" }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.0.0 to 6.0.16" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.2.0 to 6.2.12" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004468" }, { "db": "NVD", "id": "CVE-2022-29054" } ] }, "cve": "CVE-2022-29054", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2022-29054", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 3.3, "baseSeverity": "Low", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2022-29054", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-29054", "trust": 1.0, "value": "LOW" }, { "author": "psirt@fortinet.com", "id": "CVE-2022-29054", "trust": 1.0, "value": "LOW" }, { "author": "NVD", "id": "CVE-2022-29054", "trust": 0.8, "value": "Low" }, { "author": "CNNVD", "id": "CNNVD-202302-1450", "trust": 0.6, "value": "LOW" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004468" }, { "db": "CNNVD", "id": "CNNVD-202302-1450" }, { "db": "NVD", "id": "CVE-2022-29054" }, { "db": "NVD", "id": "CVE-2022-29054" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A missing cryptographic steps vulnerability [CWE-325]\u00a0in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an\u00a0attacker in\u00a0possession of the encrypted key to decipher it. fortinet\u0027s FortiProxy and FortiOS Exists in unspecified vulnerabilities.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2022-29054" }, { "db": "JVNDB", "id": "JVNDB-2023-004468" }, { "db": "VULHUB", "id": "VHN-420588" }, { "db": "VULMON", "id": "CVE-2022-29054" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-29054", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2023-004468", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202302-1450", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-420588", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-29054", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-420588" }, { "db": "VULMON", "id": "CVE-2022-29054" }, { "db": "JVNDB", "id": "JVNDB-2023-004468" }, { "db": "CNNVD", "id": "CNNVD-202302-1450" }, { "db": "NVD", "id": "CVE-2022-29054" } ] }, "id": "VAR-202302-1415", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-420588" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T14:49:19.175000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-22-080", "trust": 0.8, "url": "https://fortiguard.com/psirt/FG-IR-22-080" }, { "title": "Fortinet FortiOS Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226816" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004468" }, { "db": "CNNVD", "id": "CNNVD-202302-1450" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-329", "trust": 1.0 }, { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "others (CWE-Other) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004468" }, { "db": "NVD", "id": "CVE-2022-29054" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://fortiguard.com/psirt/fg-ir-22-080" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29054" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-29054/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-420588" }, { "db": "VULMON", "id": "CVE-2022-29054" }, { "db": "JVNDB", "id": "JVNDB-2023-004468" }, { "db": "CNNVD", "id": "CNNVD-202302-1450" }, { "db": "NVD", "id": "CVE-2022-29054" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-420588" }, { "db": "VULMON", "id": "CVE-2022-29054" }, { "db": "JVNDB", "id": "JVNDB-2023-004468" }, { "db": "CNNVD", "id": "CNNVD-202302-1450" }, { "db": "NVD", "id": "CVE-2022-29054" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-16T00:00:00", "db": "VULHUB", "id": "VHN-420588" }, { "date": "2023-02-16T00:00:00", "db": "VULMON", "id": "CVE-2022-29054" }, { "date": "2023-10-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-004468" }, { "date": "2023-02-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202302-1450" }, { "date": "2023-02-16T19:15:12.263000", "db": "NVD", "id": "CVE-2022-29054" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-24T00:00:00", "db": "VULHUB", "id": "VHN-420588" }, { "date": "2023-02-16T00:00:00", "db": "VULMON", "id": "CVE-2022-29054" }, { "date": "2023-10-30T07:30:00", "db": "JVNDB", "id": "JVNDB-2023-004468" }, { "date": "2023-02-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202302-1450" }, { "date": "2023-11-07T03:45:53.387000", "db": "NVD", "id": "CVE-2022-29054" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202302-1450" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "fortinet\u0027s \u00a0FortiProxy\u00a0 and \u00a0FortiOS\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004468" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202302-1450" } ], "trust": 0.6 } }
var-201906-0817
Vulnerability from variot
A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads. Fortinet FortiOS Contains a buffer error vulnerability.Denial of service (DoS) May be in a state. FortinetFortiOS is a set of Fortinet security operating systems dedicated to the FortiGate network security platform. The system provides users with multiple security features such as firewall, anti-virus, IPSec/SSLVPN, web content filtering and anti-spam. A buffer overflow vulnerability exists in FortinetFort iOS version 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, and 5.4 and earlier. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. Fortinet FortiOS is prone to a buffer-overflow vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. The following versions are vulnerable: FortiOS 6.0.0 through 6.0.4 FortiOS 5.6.0 through 5.6.7 FortiOS 5.4 and prior
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0817", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.10" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.8" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.4.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.4" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.2.14" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.4.12" }, { "model": "fortios", "scope": "lte", "trust": 0.8, "vendor": "fortinet", "version": "5.4" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "fortinet", "version": "5.6.0 to 5.6.7" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "fortinet", "version": "6.0.0 to 6.0.4" }, { "model": "fortios", "scope": "gte", "trust": 0.6, "vendor": "fortinet", "version": "6.0.0,\u003c=6.0.4" }, { "model": "fortios", "scope": "gte", "trust": 0.6, "vendor": "fortinet", "version": "5.6.0,\u003c=5.6.7" }, { "model": "fortios", "scope": "lte", "trust": 0.6, "vendor": "fortinet", "version": "\u003c=5.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.7" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.6" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.5" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.12" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.11" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.8" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.6" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.5" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.13" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.9" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.8" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.7" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.7.7" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.19" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.17" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.15" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.10" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.9" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.8" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.2.13" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.2.12" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.1.11" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.1.10" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "3.0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "2.80" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "2.50" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "2.36" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.9" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.10" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.6" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.5" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.12" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.11" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.18" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.16" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.14" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.13" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.12" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "6.0.5" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.6.8" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-25051" }, { "db": "BID", "id": "108440" }, { "db": "JVNDB", "id": "JVNDB-2018-015567" }, { "db": "NVD", "id": "CVE-2018-13381" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:fortinet:fortios", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-015567" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Meh Chang and Orange Tsai from DEVCORE Security Research Team", "sources": [ { "db": "BID", "id": "108440" }, { "db": "CNNVD", "id": "CNNVD-201905-878" } ], "trust": 0.9 }, "cve": "CVE-2018-13381", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2018-13381", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2019-25051", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-123435", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2018-13381", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@fortinet.com", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2018-13381", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-13381", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-13381", "trust": 1.0, "value": "HIGH" }, { "author": "psirt@fortinet.com", "id": "CVE-2018-13381", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2018-13381", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2019-25051", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201905-878", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-123435", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-13381", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-25051" }, { "db": "VULHUB", "id": "VHN-123435" }, { "db": "VULMON", "id": "CVE-2018-13381" }, { "db": "JVNDB", "id": "JVNDB-2018-015567" }, { "db": "CNNVD", "id": "CNNVD-201905-878" }, { "db": "NVD", "id": "CVE-2018-13381" }, { "db": "NVD", "id": "CVE-2018-13381" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads. Fortinet FortiOS Contains a buffer error vulnerability.Denial of service (DoS) May be in a state. FortinetFortiOS is a set of Fortinet security operating systems dedicated to the FortiGate network security platform. The system provides users with multiple security features such as firewall, anti-virus, IPSec/SSLVPN, web content filtering and anti-spam. A buffer overflow vulnerability exists in FortinetFort iOS version 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, and 5.4 and earlier. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. Fortinet FortiOS is prone to a buffer-overflow vulnerability. \nAttackers can exploit this issue to cause denial-of-service conditions. \nThe following versions are vulnerable:\nFortiOS 6.0.0 through 6.0.4\nFortiOS 5.6.0 through 5.6.7\nFortiOS 5.4 and prior", "sources": [ { "db": "NVD", "id": "CVE-2018-13381" }, { "db": "JVNDB", "id": "JVNDB-2018-015567" }, { "db": "CNVD", "id": "CNVD-2019-25051" }, { "db": "BID", "id": "108440" }, { "db": "VULHUB", "id": "VHN-123435" }, { "db": "VULMON", "id": "CVE-2018-13381" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-13381", "trust": 3.5 }, { "db": "AUSCERT", "id": "ESB-2019.1822", "trust": 1.2 }, { "db": "BID", "id": "108440", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2018-015567", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201905-878", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2019-25051", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-123435", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-13381", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-25051" }, { "db": "VULHUB", "id": "VHN-123435" }, { "db": "VULMON", "id": "CVE-2018-13381" }, { "db": "BID", "id": "108440" }, { "db": "JVNDB", "id": "JVNDB-2018-015567" }, { "db": "CNNVD", "id": "CNNVD-201905-878" }, { "db": "NVD", "id": "CVE-2018-13381" } ] }, "id": "VAR-201906-0817", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-123435" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:21:35.729000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-18-387", "trust": 0.8, "url": "https://fortiguard.com/psirt/FG-IR-18-387" }, { "title": "FortinetFortiOS Buffer Overflow Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/172331" }, { "title": "forti-vpn", "trust": 0.1, "url": "https://github.com/jam620/forti-vpn " }, { "title": "SecBooks", "trust": 0.1, "url": "https://github.com/SexyBeast233/SecBooks " }, { "title": "BleepingComputer", "trust": 0.1, "url": "https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-vulnerabilities-in-ssl-vpn-and-web-firewall/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-25051" }, { "db": "VULMON", "id": "CVE-2018-13381" }, { "db": "JVNDB", "id": "JVNDB-2018-015567" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-123435" }, { "db": "JVNDB", "id": "JVNDB-2018-015567" }, { "db": "NVD", "id": "CVE-2018-13381" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://www.securityfocus.com/bid/108440" }, { "trust": 1.8, "url": "https://fortiguard.com/advisory/fg-ir-18-387" }, { "trust": 1.8, "url": "https://fortiguard.com/advisory/fg-ir-20-232" }, { "trust": 1.5, "url": "https://fortiguard.com/psirt/fg-ir-18-387" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13381" }, { "trust": 1.2, "url": "https://www.auscert.org.au/bulletins/esb-2019.1822/" }, { "trust": 0.9, "url": "https://www.fortinet.com/products/fortigate/fortios.html" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13381" }, { "trust": 0.6, "url": "http://www.fortinet.com/technology/network-os-fortios.html" }, { "trust": 0.6, "url": "https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortios-buffer-overflow-via-web-portal-post-message-29467" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-25051" }, { "db": "VULHUB", "id": "VHN-123435" }, { "db": "VULMON", "id": "CVE-2018-13381" }, { "db": "BID", "id": "108440" }, { "db": "JVNDB", "id": "JVNDB-2018-015567" }, { "db": "CNNVD", "id": "CNNVD-201905-878" }, { "db": "NVD", "id": "CVE-2018-13381" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2019-25051" }, { "db": "VULHUB", "id": "VHN-123435" }, { "db": "VULMON", "id": "CVE-2018-13381" }, { "db": "BID", "id": "108440" }, { "db": "JVNDB", "id": "JVNDB-2018-015567" }, { "db": "CNNVD", "id": "CNNVD-201905-878" }, { "db": "NVD", "id": "CVE-2018-13381" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-07-30T00:00:00", "db": "CNVD", "id": "CNVD-2019-25051" }, { "date": "2019-06-04T00:00:00", "db": "VULHUB", "id": "VHN-123435" }, { "date": "2019-06-04T00:00:00", "db": "VULMON", "id": "CVE-2018-13381" }, { "date": "2019-05-17T00:00:00", "db": "BID", "id": "108440" }, { "date": "2019-06-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-015567" }, { "date": "2019-05-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-878" }, { "date": "2019-06-04T21:29:00.313000", "db": "NVD", "id": "CVE-2018-13381" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-07-30T00:00:00", "db": "CNVD", "id": "CNVD-2019-25051" }, { "date": "2019-08-29T00:00:00", "db": "VULHUB", "id": "VHN-123435" }, { "date": "2021-03-16T00:00:00", "db": "VULMON", "id": "CVE-2018-13381" }, { "date": "2019-05-17T00:00:00", "db": "BID", "id": "108440" }, { "date": "2019-06-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-015567" }, { "date": "2021-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-878" }, { "date": "2024-11-21T03:46:59.530000", "db": "NVD", "id": "CVE-2018-13381" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-878" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fortinet FortiOS Buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-015567" }, { "db": "CNNVD", "id": "CNNVD-201905-878" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-878" } ], "trust": 0.6 } }
var-202207-0115
Vulnerability from variot
An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service. plural Fortinet The product contains an integer overflow vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0115", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.0" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.4.5" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.13" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.6.10" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.4.6" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.2.8" }, { "model": "fortirecorder", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.8" }, { "model": "fortiswitch", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.2" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.6" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.17" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.2.6" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.4.1" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.6" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.3" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.6.4" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.10" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.26" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.4.2" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.9" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.15" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.12" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.14" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.7" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.4.3" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.6.12" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.20" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.4.3" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.4.7" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.2.4" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.1" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.21" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.13" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.4" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.5" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.6.13" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.0.1" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.11" }, { "model": "fortiswitch", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.6.11" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.3" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.6" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.22" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.23" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.2" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.4.12" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.2.1" }, { "model": "fortiswitch", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.8" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.4.5" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.6" }, { "model": "fortirecorder", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.10" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.1.0" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.1" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.8" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.4.2" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.10" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.16" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.2.3" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.10" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.4" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.4.1" }, { "model": "fortirecorder", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.7" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.25" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.0.7" }, { "model": "fortirecorder", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.1" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.24" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.14" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.7" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.2.10" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.4.3" }, { "model": "fortiswitch", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.1" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.5" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.4" }, { "model": "fortirecorder", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.4.1" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.5" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.1.6" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.6.6" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortirecorder", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.3" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.0.0" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.2" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.4.13" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.2.5" }, { "model": "fortirecorder", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.4.2" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.6.8" }, { "model": "fortirecorder", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.9" }, { "model": "fortiswitch", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.9" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.8" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.6.1" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.4.9" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.6.5" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.4.10" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.2.2" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.6.0" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.2.9" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.19" }, { "model": "fortiswitch", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.7" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.4.0" }, { "model": "fortiswitch", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.7" }, { "model": "fortirecorder", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortirecorder", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.6" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.7" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.11" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.18" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.0.2" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.4.4" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.6.7" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.6.14" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.12" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.0" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.4.1" }, { "model": "fortirecorder", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortiswitch", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.3" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.4.8" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.6.9" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.3.2" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.4.2" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.4.11" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.4.7" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.6.2" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.4.4" }, { "model": "fortivoice", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.9" }, { "model": "fortirecorder", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.4" }, { "model": "fortirecorder", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.5" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.13" }, { "model": "fortirecorder", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.0.2" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.2.7" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.6.3" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.4.6" }, { "model": "fortirecorder", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortios", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortivoice", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortiswitch", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015239" }, { "db": "NVD", "id": "CVE-2021-42755" } ] }, "cve": "CVE-2021-42755", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT", "author": "nvd@nist.gov", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2021-42755", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Adjacent Network", "author": "OTHER", "availabilityImpact": "Low", "baseScore": 4.3, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2022-015239", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-42755", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@fortinet.com", "id": "CVE-2021-42755", "trust": 1.0, "value": "MEDIUM" }, { "author": "OTHER", "id": "JVNDB-2022-015239", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202207-378", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015239" }, { "db": "CNNVD", "id": "CNNVD-202207-378" }, { "db": "NVD", "id": "CVE-2021-42755" }, { "db": "NVD", "id": "CVE-2021-42755" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service. plural Fortinet The product contains an integer overflow vulnerability.Service operation interruption (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2021-42755" }, { "db": "JVNDB", "id": "JVNDB-2022-015239" }, { "db": "VULHUB", "id": "VHN-403817" }, { "db": "VULMON", "id": "CVE-2021-42755" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-42755", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2022-015239", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2022070520", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3308", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202207-378", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-403817", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-42755", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-403817" }, { "db": "VULMON", "id": "CVE-2021-42755" }, { "db": "JVNDB", "id": "JVNDB-2022-015239" }, { "db": "CNNVD", "id": "CNNVD-202207-378" }, { "db": "NVD", "id": "CVE-2021-42755" } ] }, "id": "VAR-202207-0115", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-403817" } ], "trust": 0.36984128000000005 }, "last_update_date": "2024-08-14T14:02:31.490000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-21-155", "trust": 0.8, "url": "https://www.fortiguard.com/psirt/FG-IR-21-155" }, { "title": "Fortinet FortiVoice Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198709" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015239" }, { "db": "CNNVD", "id": "CNNVD-202207-378" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-190", "trust": 1.1 }, { "problemtype": "Integer overflow or wraparound (CWE-190) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-403817" }, { "db": "JVNDB", "id": "JVNDB-2022-015239" }, { "db": "NVD", "id": "CVE-2021-42755" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://fortiguard.com/psirt/fg-ir-21-155" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42755" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022070520" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3308" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2021-42755/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortinet-fortios-integer-overflow-via-dhcpd-38738" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-403817" }, { "db": "VULMON", "id": "CVE-2021-42755" }, { "db": "JVNDB", "id": "JVNDB-2022-015239" }, { "db": "CNNVD", "id": "CNNVD-202207-378" }, { "db": "NVD", "id": "CVE-2021-42755" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-403817" }, { "db": "VULMON", "id": "CVE-2021-42755" }, { "db": "JVNDB", "id": "JVNDB-2022-015239" }, { "db": "CNNVD", "id": "CNNVD-202207-378" }, { "db": "NVD", "id": "CVE-2021-42755" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-18T00:00:00", "db": "VULHUB", "id": "VHN-403817" }, { "date": "2022-07-18T00:00:00", "db": "VULMON", "id": "CVE-2021-42755" }, { "date": "2023-09-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-015239" }, { "date": "2022-07-05T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-378" }, { "date": "2022-07-18T17:15:08.413000", "db": "NVD", "id": "CVE-2021-42755" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-25T00:00:00", "db": "VULHUB", "id": "VHN-403817" }, { "date": "2022-07-18T00:00:00", "db": "VULMON", "id": "CVE-2021-42755" }, { "date": "2023-09-26T02:13:00", "db": "JVNDB", "id": "JVNDB-2022-015239" }, { "date": "2022-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-378" }, { "date": "2024-01-18T15:48:06.043000", "db": "NVD", "id": "CVE-2021-42755" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-378" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Fortinet\u00a0 Integer overflow vulnerability in product", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015239" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-378" } ], "trust": 0.6 } }
var-202208-0231
Vulnerability from variot
A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments. plural Fortinet The product contains a vulnerability in format strings.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Both Fortinet FortiOS and Fortinet FortiGate are products of Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Fortinet FortiGate is a network security platform. The platform provides functions such as firewall, antivirus and intrusion prevention (IPS), application control, antispam, wireless controller and WAN acceleration. Fortinet FortiGate and FortiOS have security vulnerabilities that can be exploited to run code via CLI format strings
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202208-0231", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.0.7" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.4.13" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.0.14" }, { "model": "fortiadc", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortiadc", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.2.1" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.1.6" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.7" }, { "model": "fortiadc", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.1.6" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.1.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.4.0" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.4.8" }, { "model": "fortimail", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.0.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.2.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortimail", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.5" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.13" }, { "model": "fortiadc", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.1.0" }, { "model": "fortiadc", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.14" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortimail", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.0.1" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.10" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.14" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.2" }, { "model": "fortiadc", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.4" }, { "model": "fortimail", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.2" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.0.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.2.15" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortiadcmanager", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortimail", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortios", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-016210" }, { "db": "NVD", "id": "CVE-2022-22299" } ] }, "cve": "CVE-2022-22299", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2022-22299", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2022-016210", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-22299", "trust": 1.0, "value": "HIGH" }, { "author": "psirt@fortinet.com", "id": "CVE-2022-22299", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2022-016210", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202208-2039", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-016210" }, { "db": "CNNVD", "id": "CNNVD-202208-2039" }, { "db": "NVD", "id": "CVE-2022-22299" }, { "db": "NVD", "id": "CVE-2022-22299" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments. plural Fortinet The product contains a vulnerability in format strings.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Both Fortinet FortiOS and Fortinet FortiGate are products of Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Fortinet FortiGate is a network security platform. The platform provides functions such as firewall, antivirus and intrusion prevention (IPS), application control, antispam, wireless controller and WAN acceleration. Fortinet FortiGate and FortiOS have security vulnerabilities that can be exploited to run code via CLI format strings", "sources": [ { "db": "NVD", "id": "CVE-2022-22299" }, { "db": "JVNDB", "id": "JVNDB-2022-016210" }, { "db": "VULHUB", "id": "VHN-410853" }, { "db": "VULMON", "id": "CVE-2022-22299" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-22299", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2022-016210", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202208-2039", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-410853", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-22299", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-410853" }, { "db": "VULMON", "id": "CVE-2022-22299" }, { "db": "JVNDB", "id": "JVNDB-2022-016210" }, { "db": "CNNVD", "id": "CNNVD-202208-2039" }, { "db": "NVD", "id": "CVE-2022-22299" } ] }, "id": "VAR-202208-0231", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-410853" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T14:37:22.222000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-21-235", "trust": 0.8, "url": "https://www.fortiguard.com/psirt/FG-IR-21-235" }, { "title": "Fortinet FortiGate and Fortinet FortiOS Fixes for formatting string error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203975" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-016210" }, { "db": "CNNVD", "id": "CNNVD-202208-2039" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-134", "trust": 1.0 }, { "problemtype": "Format string problem (CWE-134) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-016210" }, { "db": "NVD", "id": "CVE-2022-22299" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://fortiguard.com/psirt/fg-ir-21-235" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22299" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortios-code-execution-via-cli-format-string-38970" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-22299/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-410853" }, { "db": "VULMON", "id": "CVE-2022-22299" }, { "db": "JVNDB", "id": "JVNDB-2022-016210" }, { "db": "CNNVD", "id": "CNNVD-202208-2039" }, { "db": "NVD", "id": "CVE-2022-22299" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-410853" }, { "db": "VULMON", "id": "CVE-2022-22299" }, { "db": "JVNDB", "id": "JVNDB-2022-016210" }, { "db": "CNNVD", "id": "CNNVD-202208-2039" }, { "db": "NVD", "id": "CVE-2022-22299" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-05T00:00:00", "db": "VULHUB", "id": "VHN-410853" }, { "date": "2022-08-05T00:00:00", "db": "VULMON", "id": "CVE-2022-22299" }, { "date": "2023-10-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-016210" }, { "date": "2022-08-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202208-2039" }, { "date": "2022-08-05T20:15:08.147000", "db": "NVD", "id": "CVE-2022-22299" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-11T00:00:00", "db": "VULHUB", "id": "VHN-410853" }, { "date": "2022-08-06T00:00:00", "db": "VULMON", "id": "CVE-2022-22299" }, { "date": "2023-10-03T01:12:00", "db": "JVNDB", "id": "JVNDB-2022-016210" }, { "date": "2022-08-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202208-2039" }, { "date": "2022-08-11T17:54:14.543000", "db": "NVD", "id": "CVE-2022-22299" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202208-2039" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Fortinet\u00a0 Product Format String Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-016210" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "format string error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202208-2039" } ], "trust": 0.6 } }
var-202210-0421
Vulnerability from variot
A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request. fortinet's FortiProxy and FortiOS Exists in an uninitialized pointer access vulnerability.Service operation interruption (DoS) It may be in a state. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. There is a security vulnerability in Fortinet FortiOS. The vulnerability stems from the fact that an attacker can forcibly dereference a NULL pointer through the SSL VPN Portal to trigger a denial of service. The following products and versions are affected: Fortinet FortiOS Version 7.2.0, Versions 7.0.0 to 7.0.5, Versions 6.4.0 to 6.4.9, Versions 6.2.0 to 6.2.10, Versions 6.0.0 to 6.0.14
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202210-0421", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.7" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.2.0" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.2.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.7" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.6" }, { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "2.0.10" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.2.11" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.4.10" }, { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "1.2.13" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.0.0 that\u0027s all 7.0.7" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.4.0 that\u0027s all 6.4.10" }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.2.0 that\u0027s all 6.2.11" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.2.0" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-019255" }, { "db": "NVD", "id": "CVE-2022-29055" } ] }, "cve": "CVE-2022-29055", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2022-29055", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-29055", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-29055", "trust": 1.0, "value": "HIGH" }, { "author": "psirt@fortinet.com", "id": "CVE-2022-29055", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-29055", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202210-376", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-019255" }, { "db": "CNNVD", "id": "CNNVD-202210-376" }, { "db": "NVD", "id": "CVE-2022-29055" }, { "db": "NVD", "id": "CVE-2022-29055" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request. fortinet\u0027s FortiProxy and FortiOS Exists in an uninitialized pointer access vulnerability.Service operation interruption (DoS) It may be in a state. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. There is a security vulnerability in Fortinet FortiOS. The vulnerability stems from the fact that an attacker can forcibly dereference a NULL pointer through the SSL VPN Portal to trigger a denial of service. The following products and versions are affected: Fortinet FortiOS Version 7.2.0, Versions 7.0.0 to 7.0.5, Versions 6.4.0 to 6.4.9, Versions 6.2.0 to 6.2.10, Versions 6.0.0 to 6.0.14", "sources": [ { "db": "NVD", "id": "CVE-2022-29055" }, { "db": "JVNDB", "id": "JVNDB-2022-019255" }, { "db": "VULHUB", "id": "VHN-420589" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-29055", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2022-019255", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202210-376", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-420589", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-420589" }, { "db": "JVNDB", "id": "JVNDB-2022-019255" }, { "db": "CNNVD", "id": "CNNVD-202210-376" }, { "db": "NVD", "id": "CVE-2022-29055" } ] }, "id": "VAR-202210-0421", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-420589" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:21:36.850000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-22-086", "trust": 0.8, "url": "https://fortiguard.com/psirt/FG-IR-22-086" }, { "title": "Fortinet FortiOS Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=211449" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-019255" }, { "db": "CNNVD", "id": "CNNVD-202210-376" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-824", "trust": 1.1 }, { "problemtype": "Accessing uninitialized pointers (CWE-824) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-420589" }, { "db": "JVNDB", "id": "JVNDB-2022-019255" }, { "db": "NVD", "id": "CVE-2022-29055" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://fortiguard.com/psirt/fg-ir-22-086" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29055" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortinet-fortios-null-pointer-dereference-via-ssl-vpn-portal-39498" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-29055/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-420589" }, { "db": "JVNDB", "id": "JVNDB-2022-019255" }, { "db": "CNNVD", "id": "CNNVD-202210-376" }, { "db": "NVD", "id": "CVE-2022-29055" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-420589" }, { "db": "JVNDB", "id": "JVNDB-2022-019255" }, { "db": "CNNVD", "id": "CNNVD-202210-376" }, { "db": "NVD", "id": "CVE-2022-29055" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-10-18T00:00:00", "db": "VULHUB", "id": "VHN-420589" }, { "date": "2023-10-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-019255" }, { "date": "2022-10-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202210-376" }, { "date": "2022-10-18T15:15:09.620000", "db": "NVD", "id": "CVE-2022-29055" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-10-20T00:00:00", "db": "VULHUB", "id": "VHN-420589" }, { "date": "2023-10-25T02:49:00", "db": "JVNDB", "id": "JVNDB-2022-019255" }, { "date": "2022-10-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202210-376" }, { "date": "2022-10-20T19:13:12.883000", "db": "NVD", "id": "CVE-2022-29055" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202210-376" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "fortinet\u0027s \u00a0FortiProxy\u00a0 and \u00a0FortiOS\u00a0 Vulnerability in accessing uninitialized pointers in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-019255" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202210-376" } ], "trust": 0.6 } }
var-202106-1942
Vulnerability from variot
Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters. FortiOS and FortiProxy Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiGate is a network security platform developed by Fortinet. The platform provides functions such as firewall, antivirus and intrusion prevention (IPS), application control, antispam, wireless controller and WAN acceleration. Fortinet FortiGate has a cross-site scripting vulnerability that stems from insufficient sanitization of user-supplied data in SSL VPN web portals. A remote attacker could exploit this vulnerability to trick the victim into following a specially crafted link to an error page and execute arbitrary HTML and script code in the user's browser within the context of the vulnerable website. The following products and versions are affected: FortiGate: 5.0.0, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0 .11, 5.0.12, 5.0.13, 5.0.14, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8 , 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 5.2.15, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4 , 5.4 .5, 5.4.6, 5.4.7, 5.4.8, 5.4.9, 5.4.10, 5.4.11, 5.4.12, 5.4.13, 5.6.0, 5.6.1, 5.6.2, 5.6.3 , 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.8, 5.6.9, 5.6.10, 5.6.11, 5.6.12, 5.6.13, 6.0.0, 6.0.1, 6.0 .2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.2.0, 6.2.1 , 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.4
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1942", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.4.13" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.12" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.14" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "2.0.1" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.7" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.9" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.2.15" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.2.10" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.4.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.4" }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.2.0 to 6.2.7" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.4.0 to 6.4.4" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.0.0 to 6.0.12" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "5.6.0 to 5.6.14" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "5.2.10 to 5.2.15" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "5.4.0 to 5.4.13" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018552" }, { "db": "NVD", "id": "CVE-2021-26092" } ] }, "cve": "CVE-2021-26092", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2021-26092", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-385056", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2021-26092", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@fortinet.com", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2021-26092", "impactScore": 1.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2021-26092", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-26092", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@fortinet.com", "id": "CVE-2021-26092", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2021-26092", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202106-012", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-385056", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-385056" }, { "db": "JVNDB", "id": "JVNDB-2021-018552" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-012" }, { "db": "NVD", "id": "CVE-2021-26092" }, { "db": "NVD", "id": "CVE-2021-26092" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters. FortiOS and FortiProxy Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiGate is a network security platform developed by Fortinet. The platform provides functions such as firewall, antivirus and intrusion prevention (IPS), application control, antispam, wireless controller and WAN acceleration. Fortinet FortiGate has a cross-site scripting vulnerability that stems from insufficient sanitization of user-supplied data in SSL VPN web portals. A remote attacker could exploit this vulnerability to trick the victim into following a specially crafted link to an error page and execute arbitrary HTML and script code in the user\u0027s browser within the context of the vulnerable website. The following products and versions are affected: FortiGate: 5.0.0, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0 .11, 5.0.12, 5.0.13, 5.0.14, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8 , 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 5.2.15, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4 , 5.4 .5, 5.4.6, 5.4.7, 5.4.8, 5.4.9, 5.4.10, 5.4.11, 5.4.12, 5.4.13, 5.6.0, 5.6.1, 5.6.2, 5.6.3 , 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.8, 5.6.9, 5.6.10, 5.6.11, 5.6.12, 5.6.13, 6.0.0, 6.0.1, 6.0 .2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.2.0, 6.2.1 , 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.4", "sources": [ { "db": "NVD", "id": "CVE-2021-26092" }, { "db": "JVNDB", "id": "JVNDB-2021-018552" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-385056" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-26092", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-018552", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1887", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060124", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202106-012", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2022-50950", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-385056", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-385056" }, { "db": "JVNDB", "id": "JVNDB-2021-018552" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-012" }, { "db": "NVD", "id": "CVE-2021-26092" } ] }, "id": "VAR-202106-1942", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-385056" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:13:06.397000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-20-199", "trust": 0.8, "url": "https://www.fortiguard.com/psirt/FG-IR-20-199" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018552" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.1 }, { "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-385056" }, { "db": "JVNDB", "id": "JVNDB-2021-018552" }, { "db": "NVD", "id": "CVE-2021-26092" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://fortiguard.com/psirt/fg-ir-20-199" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26092" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortigate-cross-site-scripting-via-ssl-vpn-portal-error-page-35583" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1887" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2021-26092/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060124" } ], "sources": [ { "db": "VULHUB", "id": "VHN-385056" }, { "db": "JVNDB", "id": "JVNDB-2021-018552" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-012" }, { "db": "NVD", "id": "CVE-2021-26092" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-385056" }, { "db": "JVNDB", "id": "JVNDB-2021-018552" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-012" }, { "db": "NVD", "id": "CVE-2021-26092" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-24T00:00:00", "db": "VULHUB", "id": "VHN-385056" }, { "date": "2023-06-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-018552" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-06-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-012" }, { "date": "2022-02-24T03:15:43.407000", "db": "NVD", "id": "CVE-2021-26092" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-02T00:00:00", "db": "VULHUB", "id": "VHN-385056" }, { "date": "2023-06-22T03:06:00", "db": "JVNDB", "id": "JVNDB-2021-018552" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-012" }, { "date": "2022-03-02T16:28:07.387000", "db": "NVD", "id": "CVE-2021-26092" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-012" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FortiOS\u00a0 and \u00a0FortiProxy\u00a0 Cross-site scripting vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018552" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-201905-0764
Vulnerability from variot
A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages. Fortinet FortiOS Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Fortinet FortiOS is prone to a heap-based buffer-overflow vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Versions prior to FortiOS 6.0.5 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. A heap buffer overflow vulnerability existed in Fortinet versions prior to FortiOS 6.2.0. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0764", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortios", "scope": "lt", "trust": 1.8, "vendor": "fortinet", "version": "6.0.5" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "5.2.15" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.2.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.4.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "1.2.9" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "5.4.13" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "5.6.11" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.8" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.7" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.6" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.5" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.10" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.9" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.8" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.7" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.6" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.5" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.12" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.11" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.8" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.6" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.5" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.13" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.9" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.8" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.7" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.7.7" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.19" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.17" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.15" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.10" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.9" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.8" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.2.13" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.2.12" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.1.11" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.1.10" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "3.0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "2.80" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "2.50" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "2.36" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.9" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.10" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.6" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.5" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.12" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.11" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.18" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.16" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.14" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.13" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.12" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "6.2" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "6.0.5" } ], "sources": [ { "db": "BID", "id": "108539" }, { "db": "JVNDB", "id": "JVNDB-2018-015559" }, { "db": "NVD", "id": "CVE-2018-13383" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:fortinet:fortios", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-015559" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Meh Chang and Orange Tsai from DEVCORE Security Research Team.", "sources": [ { "db": "BID", "id": "108539" }, { "db": "CNNVD", "id": "CNNVD-201904-116" } ], "trust": 0.9 }, "cve": "CVE-2018-13383", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2018-13383", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-123437", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2018-13383", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@fortinet.com", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2018-13383", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-13383", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-13383", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@fortinet.com", "id": "CVE-2018-13383", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2018-13383", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201904-116", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-123437", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-13383", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-123437" }, { "db": "VULMON", "id": "CVE-2018-13383" }, { "db": "JVNDB", "id": "JVNDB-2018-015559" }, { "db": "CNNVD", "id": "CNNVD-201904-116" }, { "db": "NVD", "id": "CVE-2018-13383" }, { "db": "NVD", "id": "CVE-2018-13383" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages. Fortinet FortiOS Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Fortinet FortiOS is prone to a heap-based buffer-overflow vulnerability. \nAttackers can exploit this issue to cause denial-of-service conditions. \nVersions prior to FortiOS 6.0.5 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. A heap buffer overflow vulnerability existed in Fortinet versions prior to FortiOS 6.2.0. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations", "sources": [ { "db": "NVD", "id": "CVE-2018-13383" }, { "db": "JVNDB", "id": "JVNDB-2018-015559" }, { "db": "BID", "id": "108539" }, { "db": "VULHUB", "id": "VHN-123437" }, { "db": "VULMON", "id": "CVE-2018-13383" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-13383", "trust": 2.9 }, { "db": "BID", "id": "108539", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2018-015559", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201904-116", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.1114.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.1114.4", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-123437", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-13383", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-123437" }, { "db": "VULMON", "id": "CVE-2018-13383" }, { "db": "BID", "id": "108539" }, { "db": "JVNDB", "id": "JVNDB-2018-015559" }, { "db": "CNNVD", "id": "CNNVD-201904-116" }, { "db": "NVD", "id": "CVE-2018-13383" } ] }, "id": "VAR-201905-0764", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-123437" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:55:33.036000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-18-388", "trust": 0.8, "url": "https://fortiguard.com/psirt/FG-IR-18-388" }, { "title": "Fortinet FortiOS Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91035" }, { "title": "Fortigate VPN: CVE-2018-13379: Pre-auth arbitrary file reading", "trust": 0.1, "url": "https://github.com/jam620/forti-vpn " }, { "title": "SecBooks\nSecBooks\u76ee\u5f55", "trust": 0.1, "url": "https://github.com/SexyBeast233/SecBooks " }, { "title": "Known Exploited Vulnerabilities Detector", "trust": 0.1, "url": "https://github.com/Ostorlab/KEV " }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/apt-groups-exploiting-flaws-in-unpatched-vpns-officials-warn/148956/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-13383" }, { "db": "JVNDB", "id": "JVNDB-2018-015559" }, { "db": "CNNVD", "id": "CNNVD-201904-116" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-123437" }, { "db": "JVNDB", "id": "JVNDB-2018-015559" }, { "db": "NVD", "id": "CVE-2018-13383" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://fortiguard.com/advisory/fg-ir-18-388" }, { "trust": 1.8, "url": "https://fortiguard.com/advisory/fg-ir-20-229" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13383" }, { "trust": 1.3, "url": "http://www.securityfocus.com/bid/108539" }, { "trust": 0.9, "url": "http://www.fortinet.com/technology/network-os-fortios.html" }, { "trust": 0.9, "url": "https://fortiguard.com/psirt/fg-ir-18-388" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13383" }, { "trust": 0.6, "url": "https://fortiguard.com/psirt/fg-ir-17-053" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.1114.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/78322" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortios-buffer-overflow-via-javascript-href-content-28933" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://threatpost.com/apt-groups-exploiting-flaws-in-unpatched-vpns-officials-warn/148956/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-123437" }, { "db": "VULMON", "id": "CVE-2018-13383" }, { "db": "BID", "id": "108539" }, { "db": "JVNDB", "id": "JVNDB-2018-015559" }, { "db": "CNNVD", "id": "CNNVD-201904-116" }, { "db": "NVD", "id": "CVE-2018-13383" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-123437" }, { "db": "VULMON", "id": "CVE-2018-13383" }, { "db": "BID", "id": "108539" }, { "db": "JVNDB", "id": "JVNDB-2018-015559" }, { "db": "CNNVD", "id": "CNNVD-201904-116" }, { "db": "NVD", "id": "CVE-2018-13383" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-29T00:00:00", "db": "VULHUB", "id": "VHN-123437" }, { "date": "2019-05-29T00:00:00", "db": "VULMON", "id": "CVE-2018-13383" }, { "date": "2019-06-03T00:00:00", "db": "BID", "id": "108539" }, { "date": "2019-06-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-015559" }, { "date": "2019-04-03T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-116" }, { "date": "2019-05-29T18:29:00.693000", "db": "NVD", "id": "CVE-2018-13383" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-01-22T00:00:00", "db": "VULHUB", "id": "VHN-123437" }, { "date": "2021-03-16T00:00:00", "db": "VULMON", "id": "CVE-2018-13383" }, { "date": "2019-06-03T00:00:00", "db": "BID", "id": "108539" }, { "date": "2019-06-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-015559" }, { "date": "2021-03-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-116" }, { "date": "2024-11-21T03:46:59.807000", "db": "NVD", "id": "CVE-2018-13383" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-116" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fortinet FortiOS Buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-015559" }, { "db": "CNNVD", "id": "CNNVD-201904-116" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-116" } ], "trust": 0.6 } }
var-201906-0818
Vulnerability from variot
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests. Fortinet FortiOS Exists in an authorization vulnerability.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiOS is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Fortinet FortiOS 5.4.1 through 5.4.10, 5.6.0 to 5.6.8, and 6.0.0 through 6.0.4 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0818", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.4.1" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.0" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "5.6.9" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.0.5" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "1.2.9" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "5.4.11" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "5.4.1 to 5.4.10" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.0.0 to 6.0.4" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "5.6.0 to 5.6.8" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.8" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.7" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.6" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.5" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.10" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.9" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.8" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.7" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.6" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.5" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.1" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "6.2" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "6.0.5" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.6.9" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.4.11" } ], "sources": [ { "db": "BID", "id": "108697" }, { "db": "JVNDB", "id": "JVNDB-2018-015563" }, { "db": "NVD", "id": "CVE-2018-13382" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ricardo Longatto,Meh Chang and Orange Tsai from DEVCORE Security Research Team.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-1025" } ], "trust": 0.6 }, "cve": "CVE-2018-13382", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2018-13382", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-123436", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2018-13382", "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@fortinet.com", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2018-13382", "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "None", "baseScore": 9.1, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2018-015563", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-13382", "trust": 1.0, "value": "HIGH" }, { "author": "psirt@fortinet.com", "id": "CVE-2018-13382", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2018-13382", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201905-1025", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-123436", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-13382", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-123436" }, { "db": "VULMON", "id": "CVE-2018-13382" }, { "db": "JVNDB", "id": "JVNDB-2018-015563" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201905-1025" }, { "db": "NVD", "id": "CVE-2018-13382" }, { "db": "NVD", "id": "CVE-2018-13382" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests. Fortinet FortiOS Exists in an authorization vulnerability.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiOS is prone to an authorization-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. \nFortinet FortiOS 5.4.1 through 5.4.10, 5.6.0 to 5.6.8, and 6.0.0 through 6.0.4 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products", "sources": [ { "db": "NVD", "id": "CVE-2018-13382" }, { "db": "JVNDB", "id": "JVNDB-2018-015563" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "BID", "id": "108697" }, { "db": "VULHUB", "id": "VHN-123436" }, { "db": "VULMON", "id": "CVE-2018-13382" } ], "trust": 2.61 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-123436", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-123436" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-13382", "trust": 3.7 }, { "db": "BID", "id": "108697", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2018-015563", "trust": 0.8 }, { "db": "EXPLOIT-DB", "id": "49074", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "160130", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-201905-1025", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1889", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060122", "trust": 0.6 }, { "db": "CXSECURITY", "id": "WLB-2020110183", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-123436", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-13382", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-123436" }, { "db": "VULMON", "id": "CVE-2018-13382" }, { "db": "BID", "id": "108697" }, { "db": "JVNDB", "id": "JVNDB-2018-015563" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201905-1025" }, { "db": "NVD", "id": "CVE-2018-13382" } ] }, "id": "VAR-201906-0818", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-123436" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T21:24:49.616000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-18-389", "trust": 0.8, "url": "https://fortiguard.com/advisory/FG-IR-18-389" }, { "title": "Fortinet FortiOS Remediation measures for authorization problem vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92977" }, { "title": "CVE-2018-13382", "trust": 0.1, "url": "https://github.com/milo2012/CVE-2018-13382 " }, { "title": "forti-vpn", "trust": 0.1, "url": "https://github.com/jam620/forti-vpn " }, { "title": "Public-Exploits", "trust": 0.1, "url": "https://github.com/iojymbo/Public-Exploits " }, { "title": "Public-Exploits", "trust": 0.1, "url": "https://github.com/iojymbo/public-exploits " }, { "title": "exploits", "trust": 0.1, "url": "https://github.com/dhn/exploits " }, { "title": "exploit-collection", "trust": 0.1, "url": "https://github.com/ugur-ercan/exploit-collection " }, { "title": "SecBooks", "trust": 0.1, "url": "https://github.com/SexyBeast233/SecBooks " }, { "title": "CVE-POC", "trust": 0.1, "url": "https://github.com/0xT11/CVE-POC " }, { "title": "PoC-in-GitHub", "trust": 0.1, "url": "https://github.com/nomi-sec/PoC-in-GitHub " }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/apt-groups-exploiting-flaws-in-unpatched-vpns-officials-warn/148956/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-13382" }, { "db": "JVNDB", "id": "JVNDB-2018-015563" }, { "db": "CNNVD", "id": "CNNVD-201905-1025" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-863", "trust": 1.0 }, { "problemtype": "Inappropriate authorization (CWE-285) [NVD evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-285", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-123436" }, { "db": "JVNDB", "id": "JVNDB-2018-015563" }, { "db": "NVD", "id": "CVE-2018-13382" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://fortiguard.com/advisory/fg-ir-18-389" }, { "trust": 1.8, "url": "https://www.fortiguard.com/psirt/fg-ir-20-231" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13382" }, { "trust": 1.2, "url": "https://packetstormsecurity.com/files/160130/fortinet-fortios-6.0.4-password-modification.html" }, { "trust": 1.2, "url": "https://www.securityfocus.com/bid/108697" }, { "trust": 0.9, "url": "https://www.fortinet.com/products/fortigate/fortios.html" }, { "trust": 0.9, "url": "https://fortiguard.com/psirt/fg-ir-18-389" }, { "trust": 0.8, "url": "https://cisa.gov/known-exploited-vulnerabilities-catalog" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://i.blackhat.com/usa-19/wednesday/us-19-tsai-infiltrating-corporate-intranet-like-nsa.pdf" }, { "trust": 0.6, "url": "https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn/" }, { "trust": 0.6, "url": "https://cxsecurity.com/issue/wlb-2020110183" }, { "trust": 0.6, "url": "https://www.exploit-db.com/exploits/49074" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortios-privilege-escalation-via-ssl-vpn-29413" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060122" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1889" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/285.html" }, { "trust": 0.1, "url": "https://github.com/milo2012/cve-2018-13382" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-123436" }, { "db": "VULMON", "id": "CVE-2018-13382" }, { "db": "BID", "id": "108697" }, { "db": "JVNDB", "id": "JVNDB-2018-015563" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201905-1025" }, { "db": "NVD", "id": "CVE-2018-13382" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-123436" }, { "db": "VULMON", "id": "CVE-2018-13382" }, { "db": "BID", "id": "108697" }, { "db": "JVNDB", "id": "JVNDB-2018-015563" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201905-1025" }, { "db": "NVD", "id": "CVE-2018-13382" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-06-04T00:00:00", "db": "VULHUB", "id": "VHN-123436" }, { "date": "2019-06-04T00:00:00", "db": "VULMON", "id": "CVE-2018-13382" }, { "date": "2019-05-24T00:00:00", "db": "BID", "id": "108697" }, { "date": "2019-06-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-015563" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2019-05-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-1025" }, { "date": "2019-06-04T21:29:00.373000", "db": "NVD", "id": "CVE-2018-13382" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-06-11T00:00:00", "db": "VULHUB", "id": "VHN-123436" }, { "date": "2021-06-03T00:00:00", "db": "VULMON", "id": "CVE-2018-13382" }, { "date": "2019-05-24T00:00:00", "db": "BID", "id": "108697" }, { "date": "2024-05-31T07:01:00", "db": "JVNDB", "id": "JVNDB-2018-015563" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-08-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-1025" }, { "date": "2024-11-21T03:46:59.660000", "db": "NVD", "id": "CVE-2018-13382" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-1025" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fortinet\u00a0FortiOS\u00a0 Authorization vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-015563" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-202302-1270
Vulnerability from variot
An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.0.0 through 7.0.6, 2.0 all versions, 1.2 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS/FortiProxy device and remote servers hosting threat feeds (when the latter are configured as Fabric connectors in FortiOS/FortiProxy). fortinet's FortiProxy and FortiOS Exists in a certificate validation vulnerability.Information may be obtained and information may be tampered with
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1270", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.9" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.2.4" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.2.0" }, { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.7" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.0" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.8" }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.0.0 that\u0027s all 7.0.8" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.2.0 that\u0027s all 7.2.4" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004443" }, { "db": "NVD", "id": "CVE-2022-39948" } ] }, "cve": "CVE-2022-39948", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "id": "CVE-2022-39948", "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "psirt@fortinet.com", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.2, "id": "CVE-2022-39948", "impactScore": 2.5, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.4, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-39948", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-39948", "trust": 1.0, "value": "HIGH" }, { "author": "psirt@fortinet.com", "id": "CVE-2022-39948", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2022-39948", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202302-1437", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004443" }, { "db": "CNNVD", "id": "CNNVD-202302-1437" }, { "db": "NVD", "id": "CVE-2022-39948" }, { "db": "NVD", "id": "CVE-2022-39948" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2\u00a0all versions, 6.0\u00a0all versions and FortiProxy 7.0.0 through 7.0.6, 2.0\u00a0all versions, 1.2\u00a0all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS/FortiProxy device and remote servers hosting threat feeds (when the latter are configured as Fabric connectors in FortiOS/FortiProxy). fortinet\u0027s FortiProxy and FortiOS Exists in a certificate validation vulnerability.Information may be obtained and information may be tampered with", "sources": [ { "db": "NVD", "id": "CVE-2022-39948" }, { "db": "JVNDB", "id": "JVNDB-2023-004443" }, { "db": "VULHUB", "id": "VHN-435744" }, { "db": "VULMON", "id": "CVE-2022-39948" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-39948", "trust": 3.4 }, { "db": "JVN", "id": "JVNVU93656033", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-24-074-11", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-004443", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2023.1055", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202302-1437", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-435744", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-39948", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-435744" }, { "db": "VULMON", "id": "CVE-2022-39948" }, { "db": "JVNDB", "id": "JVNDB-2023-004443" }, { "db": "CNNVD", "id": "CNNVD-202302-1437" }, { "db": "NVD", "id": "CVE-2022-39948" } ] }, "id": "VAR-202302-1270", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-435744" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:17:28.199000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-22-257", "trust": 0.8, "url": "https://fortiguard.com/psirt/FG-IR-22-257" }, { "title": "Fortinet FortiOS Repair measures for trust management problem vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226806" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004443" }, { "db": "CNNVD", "id": "CNNVD-202302-1437" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-295", "trust": 1.1 }, { "problemtype": "Illegal certificate verification (CWE-295) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-435744" }, { "db": "JVNDB", "id": "JVNDB-2023-004443" }, { "db": "NVD", "id": "CVE-2022-39948" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://fortiguard.com/psirt/fg-ir-22-257" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93656033/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-39948" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-11" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-39948/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.1055" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-435744" }, { "db": "VULMON", "id": "CVE-2022-39948" }, { "db": "JVNDB", "id": "JVNDB-2023-004443" }, { "db": "CNNVD", "id": "CNNVD-202302-1437" }, { "db": "NVD", "id": "CVE-2022-39948" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-435744" }, { "db": "VULMON", "id": "CVE-2022-39948" }, { "db": "JVNDB", "id": "JVNDB-2023-004443" }, { "db": "CNNVD", "id": "CNNVD-202302-1437" }, { "db": "NVD", "id": "CVE-2022-39948" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-16T00:00:00", "db": "VULHUB", "id": "VHN-435744" }, { "date": "2023-02-16T00:00:00", "db": "VULMON", "id": "CVE-2022-39948" }, { "date": "2023-10-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-004443" }, { "date": "2023-02-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202302-1437" }, { "date": "2023-02-16T19:15:12.993000", "db": "NVD", "id": "CVE-2022-39948" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-24T00:00:00", "db": "VULHUB", "id": "VHN-435744" }, { "date": "2023-02-16T00:00:00", "db": "VULMON", "id": "CVE-2022-39948" }, { "date": "2024-03-22T07:12:00", "db": "JVNDB", "id": "JVNDB-2023-004443" }, { "date": "2023-02-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202302-1437" }, { "date": "2023-11-07T03:50:40.990000", "db": "NVD", "id": "CVE-2022-39948" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202302-1437" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "fortinet\u0027s \u00a0FortiProxy\u00a0 and \u00a0FortiOS\u00a0 Certificate validation vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004443" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "trust management problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202302-1437" } ], "trust": 0.6 } }
var-202302-1300
Vulnerability from variot
A improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. fortinet's FortiProxy and FortiOS There is an injection vulnerability in.Information may be obtained and information may be tampered with
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1300", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.1.6" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.2.1" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.2.1" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.1.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.12" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.10" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.13" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.1" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.16" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.2.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.2.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.0" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.7" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.2.2" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.8" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.11" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.4.0 to 6.4.11" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.2.0" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.2.2" }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.0.0 to 7.0.8" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.2.0 to 6.2.12" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.2.1" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.0.1 to 6.0.16" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-019901" }, { "db": "NVD", "id": "CVE-2022-42472" } ] }, "cve": "CVE-2022-42472", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2022-42472", "impactScore": 2.5, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "psirt@fortinet.com", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 1.6, "id": "CVE-2022-42472", "impactScore": 2.5, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.4, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2022-42472", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-42472", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@fortinet.com", "id": "CVE-2022-42472", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2022-42472", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202302-1426", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-019901" }, { "db": "CNNVD", "id": "CNNVD-202302-1426" }, { "db": "NVD", "id": "CVE-2022-42472" }, { "db": "NVD", "id": "CVE-2022-42472" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A improper neutralization of crlf sequences in http headers (\u0027http response splitting\u0027) in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. fortinet\u0027s FortiProxy and FortiOS There is an injection vulnerability in.Information may be obtained and information may be tampered with", "sources": [ { "db": "NVD", "id": "CVE-2022-42472" }, { "db": "JVNDB", "id": "JVNDB-2022-019901" }, { "db": "VULHUB", "id": "VHN-439113" }, { "db": "VULMON", "id": "CVE-2022-42472" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-42472", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2022-019901", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2023.1052", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202302-1426", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-439113", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-42472", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-439113" }, { "db": "VULMON", "id": "CVE-2022-42472" }, { "db": "JVNDB", "id": "JVNDB-2022-019901" }, { "db": "CNNVD", "id": "CNNVD-202302-1426" }, { "db": "NVD", "id": "CVE-2022-42472" } ] }, "id": "VAR-202302-1300", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-439113" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T15:05:53.755000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-22-362", "trust": 0.8, "url": "https://www.fortiguard.com/psirt/FG-IR-22-362" }, { "title": "Fortinet FortiOS Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226088" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-019901" }, { "db": "CNNVD", "id": "CNNVD-202302-1426" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-113", "trust": 1.0 }, { "problemtype": "CWE-74", "trust": 1.0 }, { "problemtype": "injection (CWE-74) [NVD evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-436", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-439113" }, { "db": "JVNDB", "id": "JVNDB-2022-019901" }, { "db": "NVD", "id": "CVE-2022-42472" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://fortiguard.com/psirt/fg-ir-22-362" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42472" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.1052" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-42472/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-439113" }, { "db": "VULMON", "id": "CVE-2022-42472" }, { "db": "JVNDB", "id": "JVNDB-2022-019901" }, { "db": "CNNVD", "id": "CNNVD-202302-1426" }, { "db": "NVD", "id": "CVE-2022-42472" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-439113" }, { "db": "VULMON", "id": "CVE-2022-42472" }, { "db": "JVNDB", "id": "JVNDB-2022-019901" }, { "db": "CNNVD", "id": "CNNVD-202302-1426" }, { "db": "NVD", "id": "CVE-2022-42472" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-16T00:00:00", "db": "VULHUB", "id": "VHN-439113" }, { "date": "2023-02-16T00:00:00", "db": "VULMON", "id": "CVE-2022-42472" }, { "date": "2023-10-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-019901" }, { "date": "2023-02-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202302-1426" }, { "date": "2023-02-16T19:15:13.583000", "db": "NVD", "id": "CVE-2022-42472" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-27T00:00:00", "db": "VULHUB", "id": "VHN-439113" }, { "date": "2023-02-16T00:00:00", "db": "VULMON", "id": "CVE-2022-42472" }, { "date": "2023-10-30T01:20:00", "db": "JVNDB", "id": "JVNDB-2022-019901" }, { "date": "2023-02-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202302-1426" }, { "date": "2023-11-07T03:53:22.160000", "db": "NVD", "id": "CVE-2022-42472" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202302-1426" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "fortinet\u0027s \u00a0FortiProxy\u00a0 and \u00a0FortiOS\u00a0 Injection vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-019901" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202302-1426" } ], "trust": 0.6 } }
var-202112-0357
Vulnerability from variot
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability. FortiProxy and FortiGate Exists in an inadequate validation of data reliability vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiProxy SSL VPN is the United States ( Fortinet ) company's application software. An intrusion detection function is provided
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0357", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.6" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.9" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.11" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.14" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.13" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.3" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortios", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016005" }, { "db": "NVD", "id": "CVE-2021-26103" } ] }, "cve": "CVE-2021-26103", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "id": "CVE-2021-26103", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "id": "VHN-385067", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2021-26103", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@fortinet.com", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2021-26103", "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-26103", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-26103", "trust": 1.0, "value": "HIGH" }, { "author": "psirt@fortinet.com", "id": "CVE-2021-26103", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2021-26103", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202112-530", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-385067", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-385067" }, { "db": "JVNDB", "id": "JVNDB-2021-016005" }, { "db": "CNNVD", "id": "CNNVD-202112-530" }, { "db": "NVD", "id": "CVE-2021-26103" }, { "db": "NVD", "id": "CVE-2021-26103" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability. FortiProxy and FortiGate Exists in an inadequate validation of data reliability vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiProxy SSL VPN is the United States ( Fortinet ) company\u0027s application software. An intrusion detection function is provided", "sources": [ { "db": "NVD", "id": "CVE-2021-26103" }, { "db": "JVNDB", "id": "JVNDB-2021-016005" }, { "db": "VULHUB", "id": "VHN-385067" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-26103", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-016005", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202112-530", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.4147", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021120716", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2022-19075", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-385067", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-385067" }, { "db": "JVNDB", "id": "JVNDB-2021-016005" }, { "db": "CNNVD", "id": "CNNVD-202112-530" }, { "db": "NVD", "id": "CVE-2021-26103" } ] }, "id": "VAR-202112-0357", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-385067" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T14:02:55.123000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-20-158", "trust": 0.8, "url": "https://www.fortiguard.com/psirt/FG-IR-20-158" }, { "title": "Fortinet FortiProxy SSL VPN Repair measures for data forgery problem vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173980" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016005" }, { "db": "CNNVD", "id": "CNNVD-202112-530" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-345", "trust": 1.1 }, { "problemtype": "Inadequate verification of data reliability (CWE-345) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-385067" }, { "db": "JVNDB", "id": "JVNDB-2021-016005" }, { "db": "NVD", "id": "CVE-2021-26103" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://fortiguard.com/advisory/fg-ir-20-158" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26103" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4147" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021120716" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortios-cross-site-request-forgery-via-ssl-vpn-portal-37020" } ], "sources": [ { "db": "VULHUB", "id": "VHN-385067" }, { "db": "JVNDB", "id": "JVNDB-2021-016005" }, { "db": "CNNVD", "id": "CNNVD-202112-530" }, { "db": "NVD", "id": "CVE-2021-26103" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-385067" }, { "db": "JVNDB", "id": "JVNDB-2021-016005" }, { "db": "CNNVD", "id": "CNNVD-202112-530" }, { "db": "NVD", "id": "CVE-2021-26103" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-08T00:00:00", "db": "VULHUB", "id": "VHN-385067" }, { "date": "2022-12-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-016005" }, { "date": "2021-12-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-530" }, { "date": "2021-12-08T12:15:07.677000", "db": "NVD", "id": "CVE-2021-26103" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-09T00:00:00", "db": "VULHUB", "id": "VHN-385067" }, { "date": "2022-12-05T06:07:00", "db": "JVNDB", "id": "JVNDB-2021-016005" }, { "date": "2021-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-530" }, { "date": "2021-12-09T21:11:26.673000", "db": "NVD", "id": "CVE-2021-26103" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-530" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FortiProxy\u00a0 and \u00a0FortiGate\u00a0 Inadequate validation of data reliability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016005" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "data forgery", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-530" } ], "trust": 0.6 } }
var-202212-1132
Vulnerability from variot
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. FortiOS and FortiProxy Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Exploitation status: Fortinet is aware of an instance where this vulnerability was exploited in the wild, and recommends immediately validating your systems against the following indicators of compromise: Multiple log entries with: Logdesc="Application crashed" and msg="[...] application:sslvpnd,[...], Signal 11 received, Backtrace: [...]“ Presence of the following artifacts in the filesystem: /data/lib/libips.bak /data/lib/libgif.so /data/lib/libiptcp.so /data/lib/libipudp.so /data/lib/libjepg.so /var/.sslvpnconfigbk /data/etc/wxd.conf /flash Connections to suspicious IP addresses from the FortiGate: 188.34.130.40:444 103.131.189.143:30080,30081,30443,20443 192.36.119.61:8443,444 172.247.168.153:8033
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1132", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.2.2" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.1.6" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.4.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.0.0" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.4.10" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.0" }, { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.8" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.1.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.2.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.0.14" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.14" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.0.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.8" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.9" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.2.15" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.4.13" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.2.12" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.4.11" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.2.0" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.0.7" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.13" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.0.16" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.0" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.0.15" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.2.0" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.2.3" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.11" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.4.0 to 6.4.10" }, { "model": "fortios", "scope": "lte", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.0.15 and earlier" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.2.0 to 6.2.11" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.0.0 to 7.0.8" }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.2.0 to 7.2.2" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-004202" }, { "db": "NVD", "id": "CVE-2022-42475" } ] }, "cve": "CVE-2022-42475", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-42475", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2022-004202", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-42475", "trust": 1.0, "value": "CRITICAL" }, { "author": "psirt@fortinet.com", "id": "CVE-2022-42475", "trust": 1.0, "value": "CRITICAL" }, { "author": "OTHER", "id": "JVNDB-2022-004202", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-202212-2946", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-004202" }, { "db": "CNNVD", "id": "CNNVD-202212-2946" }, { "db": "NVD", "id": "CVE-2022-42475" }, { "db": "NVD", "id": "CVE-2022-42475" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A heap-based buffer overflow vulnerability [CWE-122]\u00a0in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. FortiOS and FortiProxy Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. \n\u0026nbsp;\nExploitation status:\nFortinet is aware of an instance where\u0026nbsp;this vulnerability was exploited in the wild, and recommends immediately validating your systems against the following indicators of compromise:\n\u0026nbsp;\nMultiple log entries with:\nLogdesc=\"Application crashed\" and msg=\"[...] application:sslvpnd,[...], Signal 11 received, Backtrace: [...]\u201c\n\u0026nbsp;\nPresence of the following artifacts in the filesystem:\n/data/lib/libips.bak\n/data/lib/libgif.so\n/data/lib/libiptcp.so\n/data/lib/libipudp.so\n/data/lib/libjepg.so\n/var/.sslvpnconfigbk\n/data/etc/wxd.conf\n/flash\n\u0026nbsp;\nConnections to suspicious IP addresses from the FortiGate:\n188.34.130.40:444\n103.131.189.143:30080,30081,30443,20443\n192.36.119.61:8443,444\n172.247.168.153:8033", "sources": [ { "db": "NVD", "id": "CVE-2022-42475" }, { "db": "JVNDB", "id": "JVNDB-2022-004202" }, { "db": "VULHUB", "id": "VHN-439116" }, { "db": "VULMON", "id": "CVE-2022-42475" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-42475", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2022-004202", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.6458", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202212-2946", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-439116", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-42475", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-439116" }, { "db": "VULMON", "id": "CVE-2022-42475" }, { "db": "JVNDB", "id": "JVNDB-2022-004202" }, { "db": "CNNVD", "id": "CNNVD-202212-2946" }, { "db": "NVD", "id": "CVE-2022-42475" } ] }, "id": "VAR-202212-1132", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-439116" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T15:26:57.028000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-22-398", "trust": 0.8, "url": "https://www.fortiguard.com/psirt/FG-IR-22-398" }, { "title": "Fortinet FortiOS Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=220509" }, { "title": "Fortinet Security Advisories: FortiOS - heap-based buffer overflow in sslvpnd", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=FG-IR-22-398" }, { "title": null, "trust": 0.1, "url": "https://www.theregister.co.uk/2022/12/14/microsoft_december_patch_tuesday/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-42475" }, { "db": "JVNDB", "id": "JVNDB-2022-004202" }, { "db": "CNNVD", "id": "CNNVD-202212-2946" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-197", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-439116" }, { "db": "JVNDB", "id": "JVNDB-2022-004202" }, { "db": "NVD", "id": "CVE-2022-42475" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://fortiguard.com/psirt/fg-ir-22-398" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42475" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortinet-fortios-buffer-overflow-via-sslvpnd-40074" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-42475/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.6458" } ], "sources": [ { "db": "VULHUB", "id": "VHN-439116" }, { "db": "VULMON", "id": "CVE-2022-42475" }, { "db": "JVNDB", "id": "JVNDB-2022-004202" }, { "db": "CNNVD", "id": "CNNVD-202212-2946" }, { "db": "NVD", "id": "CVE-2022-42475" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-439116" }, { "db": "VULMON", "id": "CVE-2022-42475" }, { "db": "JVNDB", "id": "JVNDB-2022-004202" }, { "db": "CNNVD", "id": "CNNVD-202212-2946" }, { "db": "NVD", "id": "CVE-2022-42475" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-02T00:00:00", "db": "VULHUB", "id": "VHN-439116" }, { "date": "2023-03-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-004202" }, { "date": "2022-12-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-2946" }, { "date": "2023-01-02T09:15:09.490000", "db": "NVD", "id": "CVE-2022-42475" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-09T00:00:00", "db": "VULHUB", "id": "VHN-439116" }, { "date": "2023-03-30T06:24:00", "db": "JVNDB", "id": "JVNDB-2022-004202" }, { "date": "2023-01-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-2946" }, { "date": "2024-06-28T13:48:44.240000", "db": "NVD", "id": "CVE-2022-42475" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-2946" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FortiOS\u00a0 and \u00a0FortiProxy\u00a0 Out-of-bounds write vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-004202" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-2946" } ], "trust": 0.6 } }
var-201906-0815
Vulnerability from variot
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. Fortinet FortiOS Contains a path traversal vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiOS is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory to obtain sensitive information. Fortinet FortiOS 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. A path traversal vulnerability exists in the SSL VPN web portal in Fortinet FortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0815", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.0.5" }, { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "1.2.9" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "5.4.13" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.3" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "5.6.8" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.4.6" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "fortinet", "version": "5.6.3 to 5.6.7" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "fortinet", "version": "6.0.0 to 6.0.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.7" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.6" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.5" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.3" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "6.2" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "6.0.5" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.6.8" } ], "sources": [ { "db": "BID", "id": "108693" }, { "db": "JVNDB", "id": "JVNDB-2018-015565" }, { "db": "NVD", "id": "CVE-2018-13379" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:fortinet:fortios", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-015565" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Carlos E. Vieira,Meh Chang and Orange Tsai from DEVCORE Security Research Team.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-1026" } ], "trust": 0.6 }, "cve": "CVE-2018-13379", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2018-13379", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-123432", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2018-13379", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@fortinet.com", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2018-13379", "impactScore": 5.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-13379", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-13379", "trust": 1.0, "value": "CRITICAL" }, { "author": "psirt@fortinet.com", "id": "CVE-2018-13379", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2018-13379", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201905-1026", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-123432", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-13379", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-123432" }, { "db": "VULMON", "id": "CVE-2018-13379" }, { "db": "JVNDB", "id": "JVNDB-2018-015565" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201905-1026" }, { "db": "NVD", "id": "CVE-2018-13379" }, { "db": "NVD", "id": "CVE-2018-13379" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. Fortinet FortiOS Contains a path traversal vulnerability.Information may be obtained. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiOS is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker can exploit this issue using directory-traversal characters (\u0027../\u0027) to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory to obtain sensitive information. \nFortinet FortiOS 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. A path traversal vulnerability exists in the SSL VPN web portal in Fortinet FortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths", "sources": [ { "db": "NVD", "id": "CVE-2018-13379" }, { "db": "JVNDB", "id": "JVNDB-2018-015565" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "BID", "id": "108693" }, { "db": "VULHUB", "id": "VHN-123432" }, { "db": "VULMON", "id": "CVE-2018-13379" } ], "trust": 2.61 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=47288", "trust": 0.2, "type": "exploit" }, { "reference": "https://www.scap.org.cn/vuln/vhn-123432", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-123432" }, { "db": "VULMON", "id": "CVE-2018-13379" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-13379", "trust": 2.9 }, { "db": "BID", "id": "108693", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2018-015565", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "154146", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "154147", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-201905-1026", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060121", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1889", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "47288", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2020-68839", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-99091", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-99092", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-123432", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-13379", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-123432" }, { "db": "VULMON", "id": "CVE-2018-13379" }, { "db": "BID", "id": "108693" }, { "db": "JVNDB", "id": "JVNDB-2018-015565" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201905-1026" }, { "db": "NVD", "id": "CVE-2018-13379" } ] }, "id": "VAR-201906-0815", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-123432" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T19:59:02.016000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-18-384", "trust": 0.8, "url": "https://fortiguard.com/psirt/FG-IR-18-384" }, { "title": "Fortinet FortiOS Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92978" }, { "title": "forti", "trust": 0.1, "url": "https://github.com/nescam123/forti " }, { "title": "CVE-2018-13379-FortinetVPN", "trust": 0.1, "url": "https://github.com/mandr4x/CVE-2018-13379-FortinetVPN " }, { "title": "Fortigate", "trust": 0.1, "url": "https://github.com/7Elements/Fortigate " }, { "title": "CVE-2018-13379", "trust": 0.1, "url": "https://github.com/B1anda0/CVE-2018-13379 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-13379" }, { "db": "JVNDB", "id": "JVNDB-2018-015565" }, { "db": "CNNVD", "id": "CNNVD-201905-1026" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-123432" }, { "db": "JVNDB", "id": "JVNDB-2018-015565" }, { "db": "NVD", "id": "CVE-2018-13379" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://fortiguard.com/advisory/fg-ir-18-384" }, { "trust": 1.7, "url": "https://www.fortiguard.com/psirt/fg-ir-20-233" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13379" }, { "trust": 1.2, "url": "https://packetstormsecurity.com/files/154147/fortios-5.6.7-6.0.4-credential-disclosure.html" }, { "trust": 1.2, "url": "https://www.securityfocus.com/bid/108693" }, { "trust": 0.9, "url": "https://www.fortinet.com/products/fortigate/fortios.html" }, { "trust": 0.9, "url": "https://fortiguard.com/psirt/fg-ir-18-384" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13379" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://i.blackhat.com/usa-19/wednesday/us-19-tsai-infiltrating-corporate-intranet-like-nsa.pdf" }, { "trust": 0.6, "url": "https://github.com/blacklotuslabs/development/blob/master/mitigations/cve/cve-2018-13379/cve-2018-13379%20-%20summary%20%26%20emergency%20mitigations.pdf" }, { "trust": 0.6, "url": "https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/154146/fortios-5.6.7-6.0.4-credential-disclosure.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortios-directory-traversal-via-ssl-vpn-29414" }, { "trust": 0.6, "url": "https://www.exploit-db.com/exploits/47288" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060121" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1889" } ], "sources": [ { "db": "VULHUB", "id": "VHN-123432" }, { "db": "BID", "id": "108693" }, { "db": "JVNDB", "id": "JVNDB-2018-015565" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201905-1026" }, { "db": "NVD", "id": "CVE-2018-13379" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-123432" }, { "db": "VULMON", "id": "CVE-2018-13379" }, { "db": "BID", "id": "108693" }, { "db": "JVNDB", "id": "JVNDB-2018-015565" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201905-1026" }, { "db": "NVD", "id": "CVE-2018-13379" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-06-04T00:00:00", "db": "VULHUB", "id": "VHN-123432" }, { "date": "2019-06-04T00:00:00", "db": "VULMON", "id": "CVE-2018-13379" }, { "date": "2019-05-24T00:00:00", "db": "BID", "id": "108693" }, { "date": "2019-06-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-015565" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2019-05-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-1026" }, { "date": "2019-06-04T21:29:00.233000", "db": "NVD", "id": "CVE-2018-13379" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-01-22T00:00:00", "db": "VULHUB", "id": "VHN-123432" }, { "date": "2021-06-03T00:00:00", "db": "VULMON", "id": "CVE-2018-13379" }, { "date": "2019-05-24T00:00:00", "db": "BID", "id": "108693" }, { "date": "2019-06-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-015565" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-06-04T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-1026" }, { "date": "2024-11-21T03:46:59.250000", "db": "NVD", "id": "CVE-2018-13379" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-1026" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fortinet FortiOS Path traversal vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-015565" }, { "db": "CNNVD", "id": "CNNVD-201905-1026" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-202302-1352
Vulnerability from variot
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter. FortiProxy , Fortiweb , FortiOS Multiple Fortinet products contain vulnerabilities related to digital signature validation.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1352", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.4.9" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortiweb", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortiweb", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.3.17" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortiswitch", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortiswitch", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.4.11" }, { "model": "fortiswitch", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.2" }, { "model": "fortiweb", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.0.0" }, { "model": "fortiswitch", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.4" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "2.0.8" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.4" }, { "model": "fortiweb", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortios", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortiswitch", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.0.0 that\u0027s all 7.0.4" }, { "model": "fortiweb", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortiswitch", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.0.0 that\u0027s all 6.4.11" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004474" }, { "db": "NVD", "id": "CVE-2021-43074" } ] }, "cve": "CVE-2021-43074", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2021-43074", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2021-43074", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-43074", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@fortinet.com", "id": "CVE-2021-43074", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2021-43074", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202302-1452", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004474" }, { "db": "CNNVD", "id": "CNNVD-202302-1452" }, { "db": "NVD", "id": "CVE-2021-43074" }, { "db": "NVD", "id": "CVE-2021-43074" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8\u00a0and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10\u00a0and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1\u00a0and below, 2.0.7\u00a0and below, 1.2 all versions, 1.1 all versions, 1.0 all versions\u00a0may allow an attacker\u00a0to decrypt portions of the administrative session management cookie\u00a0if able to intercept the latter. FortiProxy , Fortiweb , FortiOS Multiple Fortinet products contain vulnerabilities related to digital signature validation.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2021-43074" }, { "db": "JVNDB", "id": "JVNDB-2023-004474" }, { "db": "VULHUB", "id": "VHN-404124" }, { "db": "VULMON", "id": "CVE-2021-43074" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-43074", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2023-004474", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202302-1452", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-404124", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-43074", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-404124" }, { "db": "VULMON", "id": "CVE-2021-43074" }, { "db": "JVNDB", "id": "JVNDB-2023-004474" }, { "db": "CNNVD", "id": "CNNVD-202302-1452" }, { "db": "NVD", "id": "CVE-2021-43074" } ] }, "id": "VAR-202302-1352", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-404124" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T14:49:19.202000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-21-126", "trust": 0.8, "url": "https://fortiguard.com/psirt/FG-IR-21-126" }, { "title": "Fortinet FortiSwitch and FortiWeb Repair measures for data forgery problem vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226818" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004474" }, { "db": "CNNVD", "id": "CNNVD-202302-1452" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-347", "trust": 1.1 }, { "problemtype": "Improper verification of digital signatures (CWE-347) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-404124" }, { "db": "JVNDB", "id": "JVNDB-2023-004474" }, { "db": "NVD", "id": "CVE-2021-43074" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://fortiguard.com/psirt/fg-ir-21-126" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43074" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2021-43074/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-404124" }, { "db": "VULMON", "id": "CVE-2021-43074" }, { "db": "JVNDB", "id": "JVNDB-2023-004474" }, { "db": "CNNVD", "id": "CNNVD-202302-1452" }, { "db": "NVD", "id": "CVE-2021-43074" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-404124" }, { "db": "VULMON", "id": "CVE-2021-43074" }, { "db": "JVNDB", "id": "JVNDB-2023-004474" }, { "db": "CNNVD", "id": "CNNVD-202302-1452" }, { "db": "NVD", "id": "CVE-2021-43074" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-16T00:00:00", "db": "VULHUB", "id": "VHN-404124" }, { "date": "2023-02-16T00:00:00", "db": "VULMON", "id": "CVE-2021-43074" }, { "date": "2023-10-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-004474" }, { "date": "2023-02-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202302-1452" }, { "date": "2023-02-16T19:15:11.677000", "db": "NVD", "id": "CVE-2021-43074" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-24T00:00:00", "db": "VULHUB", "id": "VHN-404124" }, { "date": "2023-02-16T00:00:00", "db": "VULMON", "id": "CVE-2021-43074" }, { "date": "2023-10-30T07:35:00", "db": "JVNDB", "id": "JVNDB-2023-004474" }, { "date": "2023-02-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202302-1452" }, { "date": "2023-11-07T03:39:18.017000", "db": "NVD", "id": "CVE-2021-43074" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202302-1452" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Digital signature validation vulnerability in multiple Fortinet products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004474" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "data forgery", "sources": [ { "db": "CNNVD", "id": "CNNVD-202302-1452" } ], "trust": 0.6 } }
var-202112-0338
Vulnerability from variot
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0338", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortios-6k7k", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.8" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortiswitch", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.9" }, { "model": "fortianalyzer", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortiadc", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.1.5" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.13" }, { "model": "fortindr", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.1.0" }, { "model": "fortios-6k7k", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.4.6" }, { "model": "fortiadc", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortios-6k7k", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.4.2" }, { "model": "fortivoice", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortiweb", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.3.16" }, { "model": "fortiadc", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.2" }, { "model": "fortiweb", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.0.0" }, { "model": "fortirecorder", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortimanager", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortimail", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.7" }, { "model": "fortiadc", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.0.0" }, { "model": "fortimail", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.4.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.9" }, { "model": "fortivoice", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortirecorder", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "2.6.0" }, { "model": "fortirecorder", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.2" }, { "model": "fortimail", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortivoice", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.10" }, { "model": "fortiswitch", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.7" }, { "model": "fortiportal", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.0.0" }, { "model": "fortimanager", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.2" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.0.0" }, { "model": "fortiswitch", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.3" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.0.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.0.1" }, { "model": "fortiportal", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.10" }, { "model": "fortimail", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.6" }, { "model": "fortimanager", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.7" }, { "model": "fortianalyzer", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortimanager", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortindr", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.5.2" }, { "model": "fortirecorder", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.10" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.2" }, { "model": "fortianalyzer", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.2" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortimail", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.7" }, { "model": "fortiswitch", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortianalyzer", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.7" }, { "model": "fortivoice", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.4" }, { "model": "fortiweb", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.4.1" }, { "model": "fortiweb", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortimail", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.2" }, { "model": "fortimanager", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortios", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortianalyzer", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortiweb", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016008" }, { "db": "NVD", "id": "CVE-2021-42757" } ] }, "cve": "CVE-2021-42757", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2021-42757", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-403819", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.8, "id": "CVE-2021-42757", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "High", "baseScore": 6.7, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2021-016008", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-42757", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@fortinet.com", "id": "CVE-2021-42757", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2021-42757", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202112-559", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-403819", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-403819" }, { "db": "JVNDB", "id": "JVNDB-2021-016008" }, { "db": "CNNVD", "id": "CNNVD-202112-559" }, { "db": "NVD", "id": "CVE-2021-42757" }, { "db": "NVD", "id": "CVE-2021-42757" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2021-42757" }, { "db": "JVNDB", "id": "JVNDB-2021-016008" }, { "db": "VULHUB", "id": "VHN-403819" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-42757", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-016008", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202112-559", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-403819", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-403819" }, { "db": "JVNDB", "id": "JVNDB-2021-016008" }, { "db": "CNNVD", "id": "CNNVD-202112-559" }, { "db": "NVD", "id": "CVE-2021-42757" } ] }, "id": "VAR-202112-0338", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-403819" } ], "trust": 0.36984128000000005 }, "last_update_date": "2024-11-23T22:20:42.629000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-21-173", "trust": 0.8, "url": "https://www.fortiguard.com/psirt/FG-IR-21-173" }, { "title": "Fortinet FortiOS Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173877" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016008" }, { "db": "CNNVD", "id": "CNNVD-202112-559" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-120", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-403819" }, { "db": "JVNDB", "id": "JVNDB-2021-016008" }, { "db": "NVD", "id": "CVE-2021-42757" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://fortiguard.com/advisory/fg-ir-21-173" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42757" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortios-buffer-overflow-via-tftp-client-library-37026" } ], "sources": [ { "db": "VULHUB", "id": "VHN-403819" }, { "db": "JVNDB", "id": "JVNDB-2021-016008" }, { "db": "CNNVD", "id": "CNNVD-202112-559" }, { "db": "NVD", "id": "CVE-2021-42757" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-403819" }, { "db": "JVNDB", "id": "JVNDB-2021-016008" }, { "db": "CNNVD", "id": "CNNVD-202112-559" }, { "db": "NVD", "id": "CVE-2021-42757" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-08T00:00:00", "db": "VULHUB", "id": "VHN-403819" }, { "date": "2022-12-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-016008" }, { "date": "2021-12-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-559" }, { "date": "2021-12-08T11:15:11.840000", "db": "NVD", "id": "CVE-2021-42757" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-09T00:00:00", "db": "VULHUB", "id": "VHN-403819" }, { "date": "2022-12-05T06:18:00", "db": "JVNDB", "id": "JVNDB-2021-016008" }, { "date": "2021-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-559" }, { "date": "2024-11-21T06:28:06.653000", "db": "NVD", "id": "CVE-2021-42757" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-559" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FortiOS\u00a0 of \u00a0TFTP\u00a0 client library and \u00a0FortiOS\u00a0 Classic buffer overflow vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016008" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-559" } ], "trust": 0.6 } }
var-202302-1418
Vulnerability from variot
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests. fortinet's FortiSwitch Manager , FortiProxy , FortiOS Exists in a past traversal vulnerability.Information may be obtained and information may be tampered with
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1418", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortiswitchmanager", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.1.6" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.2.1" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.2.1" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.1.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.12" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.10" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.10" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.13" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.2.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.2.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.0" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.7" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.2.2" }, { "model": "fortiswitchmanager", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.2.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.8" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.2.0" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.2.2" }, { "model": "fortiswitch manager", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.0.0 to 7.0.8" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.4.0 to 6.4.10" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.2.0 to 6.2.12" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.2.1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-019903" }, { "db": "NVD", "id": "CVE-2022-41335" } ] }, "cve": "CVE-2022-41335", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-41335", "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@fortinet.com", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-41335", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-41335", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-41335", "trust": 1.0, "value": "HIGH" }, { "author": "psirt@fortinet.com", "id": "CVE-2022-41335", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-41335", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202302-1427", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-019903" }, { "db": "CNNVD", "id": "CNNVD-202302-1427" }, { "db": "NVD", "id": "CVE-2022-41335" }, { "db": "NVD", "id": "CVE-2022-41335" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A relative path traversal vulnerability\u00a0[CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests. fortinet\u0027s FortiSwitch Manager , FortiProxy , FortiOS Exists in a past traversal vulnerability.Information may be obtained and information may be tampered with", "sources": [ { "db": "NVD", "id": "CVE-2022-41335" }, { "db": "JVNDB", "id": "JVNDB-2022-019903" }, { "db": "VULHUB", "id": "VHN-437474" }, { "db": "VULMON", "id": "CVE-2022-41335" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-41335", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2022-019903", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202302-1427", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-437474", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-41335", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-437474" }, { "db": "VULMON", "id": "CVE-2022-41335" }, { "db": "JVNDB", "id": "JVNDB-2022-019903" }, { "db": "CNNVD", "id": "CNNVD-202302-1427" }, { "db": "NVD", "id": "CVE-2022-41335" } ] }, "id": "VAR-202302-1418", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-437474" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T14:10:18.521000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-22-391", "trust": 0.8, "url": "https://www.fortiguard.com/psirt/FG-IR-22-391" }, { "title": "Fortinet FortiOS and FortiSwitch Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226970" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-019903" }, { "db": "CNNVD", "id": "CNNVD-202302-1427" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.1 }, { "problemtype": "CWE-23", "trust": 1.0 }, { "problemtype": "Path traversal (CWE-22) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-437474" }, { "db": "JVNDB", "id": "JVNDB-2022-019903" }, { "db": "NVD", "id": "CVE-2022-41335" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://fortiguard.com/psirt/fg-ir-22-391" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41335" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-41335/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-437474" }, { "db": "VULMON", "id": "CVE-2022-41335" }, { "db": "JVNDB", "id": "JVNDB-2022-019903" }, { "db": "CNNVD", "id": "CNNVD-202302-1427" }, { "db": "NVD", "id": "CVE-2022-41335" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-437474" }, { "db": "VULMON", "id": "CVE-2022-41335" }, { "db": "JVNDB", "id": "JVNDB-2022-019903" }, { "db": "CNNVD", "id": "CNNVD-202302-1427" }, { "db": "NVD", "id": "CVE-2022-41335" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-16T00:00:00", "db": "VULHUB", "id": "VHN-437474" }, { "date": "2023-02-16T00:00:00", "db": "VULMON", "id": "CVE-2022-41335" }, { "date": "2023-10-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-019903" }, { "date": "2023-02-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202302-1427" }, { "date": "2023-02-16T19:15:13.513000", "db": "NVD", "id": "CVE-2022-41335" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-27T00:00:00", "db": "VULHUB", "id": "VHN-437474" }, { "date": "2023-02-16T00:00:00", "db": "VULMON", "id": "CVE-2022-41335" }, { "date": "2023-10-30T01:23:00", "db": "JVNDB", "id": "JVNDB-2022-019903" }, { "date": "2023-02-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202302-1427" }, { "date": "2023-11-07T03:52:48.110000", "db": "NVD", "id": "CVE-2022-41335" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202302-1427" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Path traversal vulnerability in multiple Fortinet products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-019903" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202302-1427" } ], "trust": 0.6 } }
var-202302-1298
Vulnerability from variot
An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands. fortinet's FortiProxy and FortiOS Exists in a permission management vulnerability.Information may be obtained and information may be tampered with
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1298", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.9" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.2.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.2.1" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.8" }, { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.2.2" }, { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.8" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.2.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.1.0" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.2.0 that\u0027s all 7.2.1" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.0.0 that\u0027s all 7.0.8" }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004441" }, { "db": "NVD", "id": "CVE-2022-38378" } ] }, "cve": "CVE-2022-38378", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.8, "id": "CVE-2022-38378", "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "psirt@fortinet.com", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 0.8, "id": "CVE-2022-38378", "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.0, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-38378", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-38378", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@fortinet.com", "id": "CVE-2022-38378", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2022-38378", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202302-1438", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004441" }, { "db": "CNNVD", "id": "CNNVD-202302-1438" }, { "db": "NVD", "id": "CVE-2022-38378" }, { "db": "NVD", "id": "CVE-2022-38378" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users)\u00a0to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands. fortinet\u0027s FortiProxy and FortiOS Exists in a permission management vulnerability.Information may be obtained and information may be tampered with", "sources": [ { "db": "NVD", "id": "CVE-2022-38378" }, { "db": "JVNDB", "id": "JVNDB-2023-004441" }, { "db": "VULHUB", "id": "VHN-434172" }, { "db": "VULMON", "id": "CVE-2022-38378" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-38378", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2023-004441", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202302-1438", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-434172", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-38378", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-434172" }, { "db": "VULMON", "id": "CVE-2022-38378" }, { "db": "JVNDB", "id": "JVNDB-2023-004441" }, { "db": "CNNVD", "id": "CNNVD-202302-1438" }, { "db": "NVD", "id": "CVE-2022-38378" } ] }, "id": "VAR-202302-1298", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-434172" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T13:42:03.976000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-22-346", "trust": 0.8, "url": "https://fortiguard.com/psirt/FG-IR-22-346" }, { "title": "Fortinet FortiOS Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226807" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004441" }, { "db": "CNNVD", "id": "CNNVD-202302-1438" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-269", "trust": 1.1 }, { "problemtype": "Improper authority management (CWE-269) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-434172" }, { "db": "JVNDB", "id": "JVNDB-2023-004441" }, { "db": "NVD", "id": "CVE-2022-38378" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://fortiguard.com/psirt/fg-ir-22-346" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38378" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-38378/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-434172" }, { "db": "VULMON", "id": "CVE-2022-38378" }, { "db": "JVNDB", "id": "JVNDB-2023-004441" }, { "db": "CNNVD", "id": "CNNVD-202302-1438" }, { "db": "NVD", "id": "CVE-2022-38378" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-434172" }, { "db": "VULMON", "id": "CVE-2022-38378" }, { "db": "JVNDB", "id": "JVNDB-2023-004441" }, { "db": "CNNVD", "id": "CNNVD-202302-1438" }, { "db": "NVD", "id": "CVE-2022-38378" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-16T00:00:00", "db": "VULHUB", "id": "VHN-434172" }, { "date": "2023-02-16T00:00:00", "db": "VULMON", "id": "CVE-2022-38378" }, { "date": "2023-10-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-004441" }, { "date": "2023-02-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202302-1438" }, { "date": "2023-02-16T19:15:12.930000", "db": "NVD", "id": "CVE-2022-38378" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-24T00:00:00", "db": "VULHUB", "id": "VHN-434172" }, { "date": "2023-02-16T00:00:00", "db": "VULMON", "id": "CVE-2022-38378" }, { "date": "2023-10-30T06:16:00", "db": "JVNDB", "id": "JVNDB-2023-004441" }, { "date": "2023-02-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202302-1438" }, { "date": "2023-11-07T03:50:06.943000", "db": "NVD", "id": "CVE-2022-38378" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202302-1438" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "fortinet\u0027s \u00a0FortiProxy\u00a0 and \u00a0FortiOS\u00a0 Vulnerability in privilege management in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-004441" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202302-1438" } ], "trust": 0.6 } }
var-202207-0087
Vulnerability from variot
A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments. FortiOS and FortiProxy Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0087", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.0.7" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.13" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.4.9" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.14" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.0" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.1.6" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.2.11" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.2" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.0.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "2.0.8" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.1.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.0.4" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015237" }, { "db": "NVD", "id": "CVE-2021-44170" } ] }, "cve": "CVE-2021-44170", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.8, "id": "CVE-2021-44170", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "High", "baseScore": 6.7, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2022-015237", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-44170", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@fortinet.com", "id": "CVE-2021-44170", "trust": 1.0, "value": "MEDIUM" }, { "author": "OTHER", "id": "JVNDB-2022-015237", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202207-373", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015237" }, { "db": "CNNVD", "id": "CNNVD-202207-373" }, { "db": "NVD", "id": "CVE-2021-44170" }, { "db": "NVD", "id": "CVE-2021-44170" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments. FortiOS and FortiProxy Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2021-44170" }, { "db": "JVNDB", "id": "JVNDB-2022-015237" }, { "db": "VULHUB", "id": "VHN-406777" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44170", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2022-015237", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2022070513", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202207-373", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-406777", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-406777" }, { "db": "JVNDB", "id": "JVNDB-2022-015237" }, { "db": "CNNVD", "id": "CNNVD-202207-373" }, { "db": "NVD", "id": "CVE-2021-44170" } ] }, "id": "VAR-202207-0087", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-406777" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T14:55:24.630000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-21-179", "trust": 0.8, "url": "https://www.fortiguard.com/psirt/FG-IR-21-179" }, { "title": "Fortinet FortiProxy Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201339" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015237" }, { "db": "CNNVD", "id": "CNNVD-202207-373" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-406777" }, { "db": "JVNDB", "id": "JVNDB-2022-015237" }, { "db": "NVD", "id": "CVE-2021-44170" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://fortiguard.com/psirt/fg-ir-21-179" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44170" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2021-44170/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022070513" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortinet-fortios-buffer-overflow-via-cli-38742" } ], "sources": [ { "db": "VULHUB", "id": "VHN-406777" }, { "db": "JVNDB", "id": "JVNDB-2022-015237" }, { "db": "CNNVD", "id": "CNNVD-202207-373" }, { "db": "NVD", "id": "CVE-2021-44170" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-406777" }, { "db": "JVNDB", "id": "JVNDB-2022-015237" }, { "db": "CNNVD", "id": "CNNVD-202207-373" }, { "db": "NVD", "id": "CVE-2021-44170" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-18T00:00:00", "db": "VULHUB", "id": "VHN-406777" }, { "date": "2023-09-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-015237" }, { "date": "2022-07-05T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-373" }, { "date": "2022-07-18T17:15:08.483000", "db": "NVD", "id": "CVE-2021-44170" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-25T00:00:00", "db": "VULHUB", "id": "VHN-406777" }, { "date": "2023-09-26T01:58:00", "db": "JVNDB", "id": "JVNDB-2022-015237" }, { "date": "2022-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-373" }, { "date": "2022-07-25T17:05:58.760000", "db": "NVD", "id": "CVE-2021-44170" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-373" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FortiOS\u00a0 and \u00a0FortiProxy\u00a0 Out-of-bounds write vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015237" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-373" } ], "trust": 0.6 } }
var-202205-0281
Vulnerability from variot
A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages. Fortinet FortiOS Contains a vulnerability related to information leakage due to error messages.Information may be obtained. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. The vulnerability stems from the excessive data output in the error message generated by the server. A remote attacker can use this vulnerability to lure the victim to connect to a malicious web server and retrieve the client of the web proxy through a same-origin HTTP request. End user name and IP
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0281", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.2" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "2.0.9" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.4.8" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.2.10" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.4" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.0.14" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortios", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-010449" }, { "db": "NVD", "id": "CVE-2021-43206" } ] }, "cve": "CVE-2021-43206", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-43206", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-404253", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2021-43206", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "None", "baseScore": 4.3, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "JVNDB-2022-010449", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-43206", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@fortinet.com", "id": "CVE-2021-43206", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2021-43206", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202205-1941", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-404253", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-43206", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-404253" }, { "db": "VULMON", "id": "CVE-2021-43206" }, { "db": "JVNDB", "id": "JVNDB-2022-010449" }, { "db": "CNNVD", "id": "CNNVD-202205-1941" }, { "db": "NVD", "id": "CVE-2021-43206" }, { "db": "NVD", "id": "CVE-2021-43206" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy\u0027s client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages. Fortinet FortiOS Contains a vulnerability related to information leakage due to error messages.Information may be obtained. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. The vulnerability stems from the excessive data output in the error message generated by the server. A remote attacker can use this vulnerability to lure the victim to connect to a malicious web server and retrieve the client of the web proxy through a same-origin HTTP request. End user name and IP", "sources": [ { "db": "NVD", "id": "CVE-2021-43206" }, { "db": "JVNDB", "id": "JVNDB-2022-010449" }, { "db": "VULHUB", "id": "VHN-404253" }, { "db": "VULMON", "id": "CVE-2021-43206" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-43206", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2022-010449", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2022050318", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202205-1941", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2022-50947", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-404253", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-43206", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-404253" }, { "db": "VULMON", "id": "CVE-2021-43206" }, { "db": "JVNDB", "id": "JVNDB-2022-010449" }, { "db": "CNNVD", "id": "CNNVD-202205-1941" }, { "db": "NVD", "id": "CVE-2021-43206" } ] }, "id": "VAR-202205-0281", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-404253" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:54:35.720000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-21-2316", "trust": 0.8, "url": "https://www.fortiguard.com/psirt/FG-IR-21-231" }, { "title": "Fortinet FortiOS Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=191271" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-010449" }, { "db": "CNNVD", "id": "CNNVD-202205-1941" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-209", "trust": 1.1 }, { "problemtype": "Information leakage due to error message (CWE-209) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-404253" }, { "db": "JVNDB", "id": "JVNDB-2022-010449" }, { "db": "NVD", "id": "CVE-2021-43206" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://fortiguard.com/psirt/fg-ir-21-231" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43206" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortios-information-disclosure-via-web-proxy-error-pages-38209" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022050318" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2021-43206/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/209.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-404253" }, { "db": "VULMON", "id": "CVE-2021-43206" }, { "db": "JVNDB", "id": "JVNDB-2022-010449" }, { "db": "CNNVD", "id": "CNNVD-202205-1941" }, { "db": "NVD", "id": "CVE-2021-43206" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-404253" }, { "db": "VULMON", "id": "CVE-2021-43206" }, { "db": "JVNDB", "id": "JVNDB-2022-010449" }, { "db": "CNNVD", "id": "CNNVD-202205-1941" }, { "db": "NVD", "id": "CVE-2021-43206" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-04T00:00:00", "db": "VULHUB", "id": "VHN-404253" }, { "date": "2022-05-04T00:00:00", "db": "VULMON", "id": "CVE-2021-43206" }, { "date": "2023-08-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-010449" }, { "date": "2022-05-03T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-1941" }, { "date": "2022-05-04T16:15:08.227000", "db": "NVD", "id": "CVE-2021-43206" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-13T00:00:00", "db": "VULHUB", "id": "VHN-404253" }, { "date": "2022-05-13T00:00:00", "db": "VULMON", "id": "CVE-2021-43206" }, { "date": "2023-08-15T06:55:00", "db": "JVNDB", "id": "JVNDB-2022-010449" }, { "date": "2022-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-1941" }, { "date": "2024-11-21T06:28:50.743000", "db": "NVD", "id": "CVE-2021-43206" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-1941" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fortinet\u00a0FortiOS\u00a0 Vulnerability regarding information leakage due to error messages in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-010449" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-1941" } ], "trust": 0.6 } }
var-202106-0668
Vulnerability from variot
A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the diagnose sys cpuset
with a large cpuset mask value. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution. FortiProxy Is vulnerable to an out-of-bounds write.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiProxy SSL VPN is an application software of the United States (Fortinet) company. An intrusion detection function is provided. Fortinet FortiProxy SSL VPN has a buffer overflow vulnerability that stems from a boundary error in the FortiProxy physical appliance CLI. The following products and versions are affected: FortiProxy: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.1.0, 1.1.1, 1.1 .2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7 , 1.2.8, 1.2.9, 2.0.0, 2.0.1
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-0668", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.0.7" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.1.6" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.0.0" }, { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "2.0.2" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.1.0" }, { "model": "fortiproxy", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "1.2.10" }, { "model": "fortiproxy", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-007672" }, { "db": "NVD", "id": "CVE-2021-22130" } ] }, "cve": "CVE-2021-22130", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2021-22130", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "VHN-380539", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.2, "id": "CVE-2021-22130", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "psirt@fortinet.com", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.8, "id": "CVE-2021-22130", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 4.9, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-22130", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-22130", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@fortinet.com", "id": "CVE-2021-22130", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2021-22130", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202106-015", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-380539", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-22130", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-380539" }, { "db": "VULMON", "id": "CVE-2021-22130" }, { "db": "JVNDB", "id": "JVNDB-2021-007672" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-015" }, { "db": "NVD", "id": "CVE-2021-22130" }, { "db": "NVD", "id": "CVE-2021-22130" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the `diagnose sys cpuset` with a large cpuset mask value. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution. FortiProxy Is vulnerable to an out-of-bounds write.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiProxy SSL VPN is an application software of the United States (Fortinet) company. An intrusion detection function is provided. Fortinet FortiProxy SSL VPN has a buffer overflow vulnerability that stems from a boundary error in the FortiProxy physical appliance CLI. The following products and versions are affected: FortiProxy: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.1.0, 1.1.1, 1.1 .2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7 , 1.2.8, 1.2.9, 2.0.0, 2.0.1", "sources": [ { "db": "NVD", "id": "CVE-2021-22130" }, { "db": "JVNDB", "id": "JVNDB-2021-007672" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-380539" }, { "db": "VULMON", "id": "CVE-2021-22130" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-22130", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2021-007672", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1889", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060123", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202106-015", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-380539", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-22130", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-380539" }, { "db": "VULMON", "id": "CVE-2021-22130" }, { "db": "JVNDB", "id": "JVNDB-2021-007672" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-015" }, { "db": "NVD", "id": "CVE-2021-22130" } ] }, "id": "VAR-202106-0668", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-380539" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T12:37:33.189000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-21-006", "trust": 0.8, "url": "https://www.fortiguard.com/psirt/FG-IR-21-006" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-007672" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-380539" }, { "db": "JVNDB", "id": "JVNDB-2021-007672" }, { "db": "NVD", "id": "CVE-2021-22130" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://fortiguard.com/advisory/fg-ir-21-006" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22130" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060123" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1889" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-380539" }, { "db": "VULMON", "id": "CVE-2021-22130" }, { "db": "JVNDB", "id": "JVNDB-2021-007672" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-015" }, { "db": "NVD", "id": "CVE-2021-22130" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-380539" }, { "db": "VULMON", "id": "CVE-2021-22130" }, { "db": "JVNDB", "id": "JVNDB-2021-007672" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-015" }, { "db": "NVD", "id": "CVE-2021-22130" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-03T00:00:00", "db": "VULHUB", "id": "VHN-380539" }, { "date": "2021-06-03T00:00:00", "db": "VULMON", "id": "CVE-2021-22130" }, { "date": "2022-02-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-007672" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-06-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-015" }, { "date": "2021-06-03T11:15:08.527000", "db": "NVD", "id": "CVE-2021-22130" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-11T00:00:00", "db": "VULHUB", "id": "VHN-380539" }, { "date": "2021-06-11T00:00:00", "db": "VULMON", "id": "CVE-2021-22130" }, { "date": "2022-02-18T09:13:00", "db": "JVNDB", "id": "JVNDB-2021-007672" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-06-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-015" }, { "date": "2021-06-11T17:11:21.330000", "db": "NVD", "id": "CVE-2021-22130" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-015" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FortiProxy\u00a0 Out-of-bounds Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-007672" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-202103-0560
Vulnerability from variot
An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality. FortiProxy Contains an improper authentication vulnerability.Information may be obtained. Fortinet FortiProxy SSL VPN is an application software of the United States (Fortinet) company. An intrusion detection function is provided. There is a security vulnerability in FortiProxy SSL VPN, which allows attackers to exploit the vulnerability to obtain credentials of SSL VPN users
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0560", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.9" }, { "model": "fortiproxy", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortiproxy", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "2.0.0" }, { "model": "fortiproxy", "scope": "lte", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "1.2.9 and earlier" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-004234" }, { "db": "NVD", "id": "CVE-2021-22128" } ] }, "cve": "CVE-2021-22128", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2021-22128", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-380537", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2021-22128", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@fortinet.com", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2021-22128", "impactScore": 4.2, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2021-22128", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-22128", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@fortinet.com", "id": "CVE-2021-22128", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-22128", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202103-324", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-380537", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-380537" }, { "db": "JVNDB", "id": "JVNDB-2021-004234" }, { "db": "CNNVD", "id": "CNNVD-202103-324" }, { "db": "NVD", "id": "CVE-2021-22128" }, { "db": "NVD", "id": "CVE-2021-22128" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality. FortiProxy Contains an improper authentication vulnerability.Information may be obtained. Fortinet FortiProxy SSL VPN is an application software of the United States (Fortinet) company. An intrusion detection function is provided. There is a security vulnerability in FortiProxy SSL VPN, which allows attackers to exploit the vulnerability to obtain credentials of SSL VPN users", "sources": [ { "db": "NVD", "id": "CVE-2021-22128" }, { "db": "JVNDB", "id": "JVNDB-2021-004234" }, { "db": "VULHUB", "id": "VHN-380537" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-22128", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2021-004234", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202103-324", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.0775", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-380537", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-380537" }, { "db": "JVNDB", "id": "JVNDB-2021-004234" }, { "db": "CNNVD", "id": "CNNVD-202103-324" }, { "db": "NVD", "id": "CVE-2021-22128" } ] }, "id": "VAR-202103-0560", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-380537" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T21:51:14.755000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-20-235", "trust": 0.8, "url": "https://fortiguard.com/advisory/FG-IR-20-235" }, { "title": "Fortinet FortiProxy SSL VPN Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=143734" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-004234" }, { "db": "CNNVD", "id": "CNNVD-202103-324" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "Bad authentication (CWE-863) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-004234" }, { "db": "NVD", "id": "CVE-2021-22128" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://fortiguard.com/advisory/fg-ir-20-235" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22128" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0775" } ], "sources": [ { "db": "VULHUB", "id": "VHN-380537" }, { "db": "JVNDB", "id": "JVNDB-2021-004234" }, { "db": "CNNVD", "id": "CNNVD-202103-324" }, { "db": "NVD", "id": "CVE-2021-22128" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-380537" }, { "db": "JVNDB", "id": "JVNDB-2021-004234" }, { "db": "CNNVD", "id": "CNNVD-202103-324" }, { "db": "NVD", "id": "CVE-2021-22128" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-03-04T00:00:00", "db": "VULHUB", "id": "VHN-380537" }, { "date": "2021-11-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-004234" }, { "date": "2021-03-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202103-324" }, { "date": "2021-03-04T18:15:13.130000", "db": "NVD", "id": "CVE-2021-22128" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-12T00:00:00", "db": "VULHUB", "id": "VHN-380537" }, { "date": "2021-11-17T03:16:00", "db": "JVNDB", "id": "JVNDB-2021-004234" }, { "date": "2022-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202103-324" }, { "date": "2024-11-21T05:49:33.540000", "db": "NVD", "id": "CVE-2021-22128" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202103-324" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FortiProxy\u00a0 Authentication Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-004234" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202103-324" } ], "trust": 0.6 } }
var-202112-0330
Vulnerability from variot
A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page. FortiOS and FortiProxy Exists in a past traversal vulnerability.Information may be obtained. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0330", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.0.1" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.0.1" }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "7.0.0" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-015884" }, { "db": "NVD", "id": "CVE-2021-41024" } ] }, "cve": "CVE-2021-41024", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-41024", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-402294", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-41024", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2021-015884", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-41024", "trust": 1.0, "value": "HIGH" }, { "author": "psirt@fortinet.com", "id": "CVE-2021-41024", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-41024", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202112-531", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-402294", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-402294" }, { "db": "JVNDB", "id": "JVNDB-2021-015884" }, { "db": "CNNVD", "id": "CNNVD-202112-531" }, { "db": "NVD", "id": "CVE-2021-41024" }, { "db": "NVD", "id": "CVE-2021-41024" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page. FortiOS and FortiProxy Exists in a past traversal vulnerability.Information may be obtained. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam", "sources": [ { "db": "NVD", "id": "CVE-2021-41024" }, { "db": "JVNDB", "id": "JVNDB-2021-015884" }, { "db": "VULHUB", "id": "VHN-402294" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-41024", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-015884", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202112-531", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.4147", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021120718", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2021-101142", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-402294", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-402294" }, { "db": "JVNDB", "id": "JVNDB-2021-015884" }, { "db": "CNNVD", "id": "CNNVD-202112-531" }, { "db": "NVD", "id": "CVE-2021-41024" } ] }, "id": "VAR-202112-0330", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-402294" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:05:05.782000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-21-181", "trust": 0.8, "url": "https://www.fortiguard.com/psirt/FG-IR-21-181" }, { "title": "Fortinet FortiOS Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173873" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-015884" }, { "db": "CNNVD", "id": "CNNVD-202112-531" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.1 }, { "problemtype": "Path traversal (CWE-22) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-402294" }, { "db": "JVNDB", "id": "JVNDB-2021-015884" }, { "db": "NVD", "id": "CVE-2021-41024" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://fortiguard.com/advisory/fg-ir-21-181" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41024" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4147" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021120718" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortios-directory-traversal-via-login-page-37027" } ], "sources": [ { "db": "VULHUB", "id": "VHN-402294" }, { "db": "JVNDB", "id": "JVNDB-2021-015884" }, { "db": "CNNVD", "id": "CNNVD-202112-531" }, { "db": "NVD", "id": "CVE-2021-41024" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-402294" }, { "db": "JVNDB", "id": "JVNDB-2021-015884" }, { "db": "CNNVD", "id": "CNNVD-202112-531" }, { "db": "NVD", "id": "CVE-2021-41024" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-08T00:00:00", "db": "VULHUB", "id": "VHN-402294" }, { "date": "2022-12-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-015884" }, { "date": "2021-12-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-531" }, { "date": "2021-12-08T13:15:07.957000", "db": "NVD", "id": "CVE-2021-41024" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-09T00:00:00", "db": "VULHUB", "id": "VHN-402294" }, { "date": "2022-12-01T07:33:00", "db": "JVNDB", "id": "JVNDB-2021-015884" }, { "date": "2021-12-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-531" }, { "date": "2024-11-21T06:25:17.477000", "db": "NVD", "id": "CVE-2021-41024" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-531" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FortiOS\u00a0 and \u00a0FortiProxy\u00a0 Past traversal vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-015884" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-531" } ], "trust": 0.6 } }
var-201906-0816
Vulnerability from variot
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters. Fortinet FortiOS Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiOS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and prior versions are vulnerable
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0816", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.8" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.4.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.2" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.7" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.4" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.4.12" }, { "model": "fortios", "scope": "lte", "trust": 0.8, "vendor": "fortinet", "version": "5.4" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "fortinet", "version": "5.6.0 to 5.6.7" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "fortinet", "version": "6.0.0 to 6.0.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "6.0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.7" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.6" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.5" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.13" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.12" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.11" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.8" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.7" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.6" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.5" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.13" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.9" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.8" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.7" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.7.7" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.19" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.17" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.15" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.10" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.9" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.8" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.2.13" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.2.12" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.1.11" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.1.10" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "3.0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "2.36" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.9" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.10" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.6" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.5" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.12" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.11" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.18" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.16" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.14" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.13" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.12" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "6.2" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "6.0.5" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.6.8" } ], "sources": [ { "db": "BID", "id": "108681" }, { "db": "JVNDB", "id": "JVNDB-2018-015566" }, { "db": "NVD", "id": "CVE-2018-13380" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:fortinet:fortios", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-015566" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Meh Chang and Orange Tsai from DEVCORE Security Research Team.", "sources": [ { "db": "BID", "id": "108681" }, { "db": "CNNVD", "id": "CNNVD-201905-1024" } ], "trust": 0.9 }, "cve": "CVE-2018-13380", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2018-13380", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-123434", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2018-13380", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@fortinet.com", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2018-13380", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2018-13380", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-13380", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@fortinet.com", "id": "CVE-2018-13380", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2018-13380", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201905-1024", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-123434", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-13380", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-123434" }, { "db": "VULMON", "id": "CVE-2018-13380" }, { "db": "JVNDB", "id": "JVNDB-2018-015566" }, { "db": "CNNVD", "id": "CNNVD-201905-1024" }, { "db": "NVD", "id": "CVE-2018-13380" }, { "db": "NVD", "id": "CVE-2018-13380" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters. Fortinet FortiOS Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiOS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nFortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and prior versions are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2018-13380" }, { "db": "JVNDB", "id": "JVNDB-2018-015566" }, { "db": "BID", "id": "108681" }, { "db": "VULHUB", "id": "VHN-123434" }, { "db": "VULMON", "id": "CVE-2018-13380" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-13380", "trust": 2.9 }, { "db": "BID", "id": "108681", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2018-015566", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2021.0775", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201905-1024", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-123434", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-13380", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-123434" }, { "db": "VULMON", "id": "CVE-2018-13380" }, { "db": "BID", "id": "108681" }, { "db": "JVNDB", "id": "JVNDB-2018-015566" }, { "db": "CNNVD", "id": "CNNVD-201905-1024" }, { "db": "NVD", "id": "CVE-2018-13380" } ] }, "id": "VAR-201906-0816", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-123434" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T21:51:14.779000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-18-383", "trust": 0.8, "url": "https://fortiguard.com/psirt/FG-IR-18-383" }, { "title": "Fortinet FortiOS Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92976" }, { "title": "forti-vpn", "trust": 0.1, "url": "https://github.com/jam620/forti-vpn " }, { "title": "nuclei-templates", "trust": 0.1, "url": "https://github.com/storenth/nuclei-templates " }, { "title": "kenzer-templates", "trust": 0.1, "url": "https://github.com/Elsfa7-110/kenzer-templates " }, { "title": "kenzer-templates", "trust": 0.1, "url": "https://github.com/ARPSyndicate/kenzer-templates " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-13380" }, { "db": "JVNDB", "id": "JVNDB-2018-015566" }, { "db": "CNNVD", "id": "CNNVD-201905-1024" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-123434" }, { "db": "JVNDB", "id": "JVNDB-2018-015566" }, { "db": "NVD", "id": "CVE-2018-13380" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://fortiguard.com/advisory/fg-ir-18-383" }, { "trust": 1.8, "url": "https://fortiguard.com/advisory/fg-ir-20-230" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13380" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/108681" }, { "trust": 0.9, "url": "https://www.fortinet.com/products/fortigate/fortios.html" }, { "trust": 0.9, "url": "https://fortiguard.com/psirt/fg-ir-18-383" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13380" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortios-cross-site-scripting-via-ssl-vpn-portal-30135" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortios-cross-site-scripting-via-the-vpn-portal-29412" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0775" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/79.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/jam620/forti-vpn" }, { "trust": 0.1, "url": "https://github.com/storenth/nuclei-templates" } ], "sources": [ { "db": "VULHUB", "id": "VHN-123434" }, { "db": "VULMON", "id": "CVE-2018-13380" }, { "db": "BID", "id": "108681" }, { "db": "JVNDB", "id": "JVNDB-2018-015566" }, { "db": "CNNVD", "id": "CNNVD-201905-1024" }, { "db": "NVD", "id": "CVE-2018-13380" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-123434" }, { "db": "VULMON", "id": "CVE-2018-13380" }, { "db": "BID", "id": "108681" }, { "db": "JVNDB", "id": "JVNDB-2018-015566" }, { "db": "CNNVD", "id": "CNNVD-201905-1024" }, { "db": "NVD", "id": "CVE-2018-13380" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-06-04T00:00:00", "db": "VULHUB", "id": "VHN-123434" }, { "date": "2019-06-04T00:00:00", "db": "VULMON", "id": "CVE-2018-13380" }, { "date": "2019-05-24T00:00:00", "db": "BID", "id": "108681" }, { "date": "2019-06-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-015566" }, { "date": "2019-05-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-1024" }, { "date": "2019-06-04T21:29:00.267000", "db": "NVD", "id": "CVE-2018-13380" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-01-22T00:00:00", "db": "VULHUB", "id": "VHN-123434" }, { "date": "2021-04-06T00:00:00", "db": "VULMON", "id": "CVE-2018-13380" }, { "date": "2019-05-24T00:00:00", "db": "BID", "id": "108681" }, { "date": "2019-06-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-015566" }, { "date": "2021-03-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-1024" }, { "date": "2024-11-21T03:46:59.383000", "db": "NVD", "id": "CVE-2018-13380" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-1024" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fortinet FortiOS Vulnerable to cross-site scripting", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-015566" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-1024" } ], "trust": 0.6 } }
var-202112-0289
Vulnerability from variot
An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features. FortiOS autod daemon and FortiProxy Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0289", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.6" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.0.7" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.12" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "2.0.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.9" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.14" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.1.6" }, { "model": "fortiproxy", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "2.0.1" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.0.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortiproxy", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "1.1.0" }, { "model": "fortiproxy", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "1.2.9" }, { "model": "fortios", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortiproxy", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016016" }, { "db": "NVD", "id": "CVE-2021-26110" } ] }, "cve": "CVE-2021-26110", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2021-26110", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-385074", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-26110", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2021-016016", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-26110", "trust": 1.0, "value": "HIGH" }, { "author": "psirt@fortinet.com", "id": "CVE-2021-26110", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-26110", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202112-532", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-385074", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-385074" }, { "db": "JVNDB", "id": "JVNDB-2021-016016" }, { "db": "CNNVD", "id": "CNNVD-202112-532" }, { "db": "NVD", "id": "CVE-2021-26110" }, { "db": "NVD", "id": "CVE-2021-26110" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features. FortiOS autod daemon and FortiProxy Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam", "sources": [ { "db": "NVD", "id": "CVE-2021-26110" }, { "db": "JVNDB", "id": "JVNDB-2021-016016" }, { "db": "VULHUB", "id": "VHN-385074" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-26110", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-016016", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202112-532", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.4147", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021120717", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-385074", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-385074" }, { "db": "JVNDB", "id": "JVNDB-2021-016016" }, { "db": "CNNVD", "id": "CNNVD-202112-532" }, { "db": "NVD", "id": "CVE-2021-26110" } ] }, "id": "VAR-202112-0289", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-385074" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T14:02:55.097000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-20-131", "trust": 0.8, "url": "https://www.fortiguard.com/psirt/FG-IR-20-131" }, { "title": "Fortinet FortiOS Fixes for access control error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173726" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016016" }, { "db": "CNNVD", "id": "CNNVD-202112-532" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "others (CWE-Other) [NVD evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-269", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-385074" }, { "db": "JVNDB", "id": "JVNDB-2021-016016" }, { "db": "NVD", "id": "CVE-2021-26110" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://fortiguard.com/advisory/fg-ir-20-131" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26110" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4147" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021120717" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortios-privilege-escalation-via-automation-script-feature-37019" } ], "sources": [ { "db": "VULHUB", "id": "VHN-385074" }, { "db": "JVNDB", "id": "JVNDB-2021-016016" }, { "db": "CNNVD", "id": "CNNVD-202112-532" }, { "db": "NVD", "id": "CVE-2021-26110" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-385074" }, { "db": "JVNDB", "id": "JVNDB-2021-016016" }, { "db": "CNNVD", "id": "CNNVD-202112-532" }, { "db": "NVD", "id": "CVE-2021-26110" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-08T00:00:00", "db": "VULHUB", "id": "VHN-385074" }, { "date": "2022-12-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-016016" }, { "date": "2021-12-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-532" }, { "date": "2021-12-08T11:15:11.683000", "db": "NVD", "id": "CVE-2021-26110" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-12T00:00:00", "db": "VULHUB", "id": "VHN-385074" }, { "date": "2022-12-05T06:46:00", "db": "JVNDB", "id": "JVNDB-2021-016016" }, { "date": "2022-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-532" }, { "date": "2022-07-12T17:42:04.277000", "db": "NVD", "id": "CVE-2021-26110" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-532" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FortiOS\u00a0autod\u00a0daemon\u00a0 and \u00a0FortiProxy\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016016" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-532" } ], "trust": 0.6 } }