Vulnerabilities related to Fortinet - FortiWLC
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://fortiguard.com/advisory/FG-IR-16-029 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/93286 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://fortiguard.com/advisory/FG-IR-16-029 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93286 | Third Party Advisory, VDB Entry |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", matchCriteriaId: "66B34DBA-D142-48C5-81BB-341EFCBA3002", versionEndIncluding: "6.1-2-29", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:7.0-9-1:*:*:*:*:*:*:*", matchCriteriaId: "FD17F5C3-C9C3-41C2-9F01-BF37D39FE424", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:7.0-10-0:*:*:*:*:*:*:*", matchCriteriaId: "077E32D0-4309-486F-8240-7E381F4A11D3", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.0-5-0:*:*:*:*:*:*:*", matchCriteriaId: "509453A9-97DC-48B0-A62F-9752CE5C6B76", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.1-2-0:*:*:*:*:*:*:*", matchCriteriaId: "8F3D7433-DE22-4406-848C-B16E6CE9BE03", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.2-4-0:*:*:*:*:*:*:*", matchCriteriaId: "5D237E43-F18A-4A4A-8938-D0DDF24AD681", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors.", }, { lang: "es", value: "El servidor rsyncd en Fortinet FortiWLC 6.1-2-29 y versiones anteriores, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0 y 8.2-4-0 tiene una cuenta rsync embebida, lo que permite a atacantes remotos leer o escribir archivos arbitrarios a través de vectores no especificados.", }, ], id: "CVE-2016-7560", lastModified: "2024-11-21T02:58:12.563", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, 
obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-10-05T16:59:07.900", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://fortiguard.com/advisory/FG-IR-16-029", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93286", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://fortiguard.com/advisory/FG-IR-16-029", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93286", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | http://www.securityfocus.com/bid/104119 | Third Party Advisory, VDB Entry | |
psirt@fortinet.com | https://fortiguard.com/advisory/FG-IR-17-274 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104119 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/advisory/FG-IR-17-274 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", matchCriteriaId: "7337AA30-3FBE-4AC4-ABED-5B6976573E19", versionEndIncluding: "7.0.11", versionStartIncluding: "7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", matchCriteriaId: "709F03A8-5B27-472A-AAAF-6D0B2BAD3099", versionEndIncluding: "8.3.3", versionStartIncluding: "8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.", }, { lang: "es", value: "La presencia de una cuenta embebida en Fortinet FortiWLC en versiones 7.0.11 y anteriores permite que atacantes obtengan acceso de lectura/escritura mediante un shell remoto.", }, ], id: "CVE-2017-17539", lastModified: "2024-11-21T03:18:07.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-08T04:29:00.207", 
references: [ { source: "psirt@fortinet.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104119", }, { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/advisory/FG-IR-17-274", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/advisory/FG-IR-17-274", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
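CVSS v3.1 base score (nvd@nist.gov, Primary): 6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The record below also carries a psirt@fortinet.com Secondary score of 4.7 (Medium), CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N, which differs only in attack complexity.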
Source | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-21-254 | Broken Link |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortiadc | * | |
fortinet | fortiauthenticator | * | |
fortinet | fortiauthenticator | * | |
fortinet | fortiddos | * | |
fortinet | fortiddos-f | * | |
fortinet | fortimail | * | |
fortinet | fortindr | * | |
fortinet | fortindr | 7.2.0 | |
fortinet | fortiproxy | * | |
fortinet | fortiproxy | * | |
fortinet | fortirecorder | * | |
fortinet | fortirecorder | * | |
fortinet | fortisoar | * | |
fortinet | fortitester | * | |
fortinet | fortivoice | * | |
fortinet | fortiwlc | * | |
fortinet | fortios | * | |
fortinet | fortios | * | |
fortinet | fortiswitch | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", matchCriteriaId: "B7685DE5-EEF4-4EFF-9EE0-1ABC59A46B91", versionEndExcluding: "6.2.4", versionStartIncluding: "5.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*", matchCriteriaId: "959F9558-9C68-4046-AF5F-C543C9B5C3DE", versionEndExcluding: "6.3.4", versionStartIncluding: "6.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*", matchCriteriaId: "B4F857C3-0369-45CD-8745-FC6086A6B401", versionEndExcluding: "6.4.2", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiddos:*:*:*:*:*:*:*:*", matchCriteriaId: "5C2587E4-5D24-4C81-AD13-B3205FA07D14", versionEndExcluding: "5.5.2", versionStartIncluding: "5.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*", matchCriteriaId: "999EDF79-3052-4A4E-9B71-B0FEDEBFE33E", versionEndExcluding: "6.3.4", versionStartIncluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", matchCriteriaId: "9E3E1107-F78C-41B7-A8D4-E984EF551B1B", versionEndExcluding: "7.0.4", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*", matchCriteriaId: "2798BBCF-0867-4C5B-9F28-6CD9846DAD7E", versionEndExcluding: "7.1.1", versionStartIncluding: "1.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "06DD8B01-B4BC-432D-9045-40AD6DA84CB7", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "C4BF015A-6391-40D1-9FC4-C73110A2D52E", versionEndExcluding: "7.0.5", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "CF9591AF-D4A5-44F6-8535-1D166646E118", versionEndExcluding: "7.4.0", versionStartIncluding: "7.2.0", vulnerable: 
true, }, { criteria: "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", matchCriteriaId: "0A7151C5-DB42-4F91-B84C-CDA9CEF73A23", versionEndExcluding: "6.0.11", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", matchCriteriaId: "2DDA9A48-7687-40A3-A14F-5EB89A20A386", versionEndExcluding: "6.4.3", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*", matchCriteriaId: "B72000EC-F0D5-4100-B0DB-7405EDE32C76", versionEndExcluding: "7.3.0", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "C8838FC8-770F-41ED-8F25-8E2953258677", versionEndExcluding: "7.2.2", versionStartIncluding: "3.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", matchCriteriaId: "C97B8181-C602-4E70-B3EA-CBE1FA62A220", versionEndExcluding: "6.4.9", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", matchCriteriaId: "C68A52C3-281D-4B4E-B0AA-0162D846BBB2", versionEndExcluding: "8.6.7", versionStartIncluding: "8.6.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "00C9C02B-E40F-4536-BC74-A7DA84E4B845", versionEndExcluding: "7.0.6", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "4562BDF7-D894-4CD8-95AC-9409FDEBE73F", versionEndExcluding: "7.2.5", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "FF5E55C0-C600-4234-AA0C-21259AA6D97F", versionEndExcluding: "7.0.5", versionStartIncluding: "6.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A externally controlled reference to a resource in another sphere in Fortinet 
FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver", }, { lang: "es", value: "Una referencia controlada externamente a un recurso en otra esfera en Fortinet FortiManager anterior a la versión 7.4.3, FortiMail anterior a la versión 7.0.3, FortiAnalyzer anterior a la versión 7.4.3, FortiVoice versión 7.0.0, 7.0.1 y anterior a 6.4.8, FortiProxy anterior a la versión 7.0.4, FortiRecorder versión 6.4.0 a 6.4.2 y anterior a 6.0.10, FortiAuthenticator versión 6.4.0 a 6.4.1 y anterior a 6.3.3, FortiNDR versión 7.2.0 anterior a 7.1.0, FortiWLC anterior a la versión 8.6.4, FortiPortal anterior a la versión 6.0.9, FortiOS versión 7.2.0 y anterior a 7.0.5, FortiADC versión 7.0.0 a 7.0.1 y anterior 6.2.3, FortiDDoS anterior a la versión 5.5.1, FortiDDoS-F anterior a la versión 6.3.3, FortiTester anterior a la versión 7.2.1, FortiSOAR anterior a la versión 7.2.2 y FortiSwitch anterior a la versión 6.3.3 permiten a los atacantes envenenar cachés web a través de solicitudes HTTP manipulado, donde el encabezado `Host` apunta a un servidor web arbitrario.", }, ], id: "CVE-2022-23439", lastModified: "2025-02-12T13:39:42.107", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", 
baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 2.7, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-01-22T10:15:07.737", references: [ { source: "psirt@fortinet.com", tags: [ "Broken Link", ], url: "https://fortiguard.com/psirt/FG-IR-21-254", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-610", }, ], source: "psirt@fortinet.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
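CVSS v3.1 base score (nvd@nist.gov, Primary): 6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H. The record below also carries a psirt@fortinet.com Secondary score of 7.3 (High), CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H, which additionally counts a low integrity impact.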
Source | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-21-002 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", matchCriteriaId: "860117DD-3D1F-4460-8A21-F51509DDB67B", versionEndExcluding: "8.6.3", versionStartIncluding: "8.0.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command.", }, { lang: "es", value: "Una vulnerabilidad de acceso a un puntero no inicializado (CWE-824) en FortiWLC versiones 8.6.0, 8.5.3 y anteriores puede permitir que un atacante local y autenticado bloquee el punto de acceso administrado por el controlador mediante la ejecución de un comando CLI manipulado específicamente.", }, ], id: "CVE-2021-26093", lastModified: "2025-01-21T20:44:31.650", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H", version: "3.1", }, exploitabilityScore: 2, impactScore: 4.7, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-12-19T08:15:14.717", references: [ { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: 
"https://fortiguard.com/psirt/FG-IR-21-002", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-824", }, ], source: "psirt@fortinet.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | http://www.securityfocus.com/bid/104119 | Third Party Advisory, VDB Entry | |
psirt@fortinet.com | https://fortiguard.com/advisory/FG-IR-17-274 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104119 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/advisory/FG-IR-17-274 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", matchCriteriaId: "7337AA30-3FBE-4AC4-ABED-5B6976573E19", versionEndIncluding: "7.0.11", versionStartIncluding: "7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", matchCriteriaId: "709F03A8-5B27-472A-AAAF-6D0B2BAD3099", versionEndIncluding: "8.3.3", versionStartIncluding: "8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.", }, { lang: "es", value: "La presencia de una cuenta embebida en Fortinet FortiWLC 8.3.3 permite que atacantes obtengan acceso de lectura/escritura mediante un shell remoto.", }, ], id: "CVE-2017-17540", lastModified: "2024-11-21T03:18:07.983", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-08T04:29:00.380", references: [ { source: "psirt@fortinet.com", 
tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104119", }, { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/advisory/FG-IR-17-274", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/advisory/FG-IR-17-274", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | http://www.securityfocus.com/bid/101287 | Third Party Advisory, VDB Entry | |
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-17-106 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101287 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-17-106 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortiwlc | 6.1-2 | |
fortinet | fortiwlc | 6.1-4 | |
fortinet | fortiwlc | 6.1-5 | |
fortinet | fortiwlc | 7.0-7 | |
fortinet | fortiwlc | 7.0-8 | |
fortinet | fortiwlc | 7.0-9 | |
fortinet | fortiwlc | 7.0-10 | |
fortinet | fortiwlc | 8.0 | |
fortinet | fortiwlc | 8.1 | |
fortinet | fortiwlc | 8.2 | |
fortinet | fortiwlc | 8.3.0 | |
fortinet | fortiwlc | 8.3.1 | |
fortinet | fortiwlc | 8.3.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortiwlc:6.1-2:*:*:*:*:*:*:*", matchCriteriaId: "D87F7FFB-1E43-4CEE-8F5C-85A6F87AF447", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:6.1-4:*:*:*:*:*:*:*", matchCriteriaId: "87D90FE1-EDA4-40F6-ADB0-969CAB8645F8", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:6.1-5:*:*:*:*:*:*:*", matchCriteriaId: "347BFB74-E014-4C31-B292-08BC6B96B2F7", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:7.0-7:*:*:*:*:*:*:*", matchCriteriaId: "5C562DA6-693C-4C16-A69A-17293C010D16", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:7.0-8:*:*:*:*:*:*:*", matchCriteriaId: "5005218E-1CE5-49D9-BBF8-07DC6BDE1E03", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:7.0-9:*:*:*:*:*:*:*", matchCriteriaId: "224292C5-AA1F-4ECE-A89A-08DD0BD5CDCC", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:7.0-10:*:*:*:*:*:*:*", matchCriteriaId: "743234D6-C2B9-4980-969D-C6811142CAE5", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.0:*:*:*:*:*:*:*", matchCriteriaId: "7E03C8D2-C2DC-42FA-BB60-AAE542646B63", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.1:*:*:*:*:*:*:*", matchCriteriaId: "0CBAC292-6C47-41BC-92A0-2038280D3FB0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.2:*:*:*:*:*:*:*", matchCriteriaId: "CE5B0F43-DFFF-4603-AAB3-742F9E9F7ECE", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.3.0:*:*:*:*:*:*:*", matchCriteriaId: "138354E5-2281-422B-95D9-879D900DFF1B", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.3.1:*:*:*:*:*:*:*", matchCriteriaId: "6300548E-1D1B-4F9D-9894-0C4D2906E2A5", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.3.2:*:*:*:*:*:*:*", matchCriteriaId: "28C337BE-93A1-4AC4-87D3-4F620A05AF1B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Cross-Site Scripting (XSS) 
vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters \"refresh\" and \"branchtotable\" present in HTTP POST requests.", }, { lang: "es", value: "Una vulnerabilidad de Cross-Site Scripting (XSS) en Fortinet FortiWLC en versiones 6.1-x (6.1-2, 6.1-4 y 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); y 8.x (8.0, 8.1, 8.2 y 8.3.0-8.3.2) permite que un usuario autenticado inyecte scripts web o HTML arbitrarios mediante parámetros \"refresh\" y \"branchtotable\" no sanitizados presentes en peticiones HTTP POST.", }, ], id: "CVE-2017-7335", lastModified: "2024-11-21T03:31:38.617", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-10-26T13:29:00.277", references: [ { source: "psirt@fortinet.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/101287", }, { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], 
url: "https://fortiguard.com/psirt/FG-IR-17-106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/101287", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-17-106", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | http://www.securityfocus.com/bid/94186 | Third Party Advisory, VDB Entry | |
psirt@fortinet.com | https://fortiguard.com/advisory/FG-IR-16-065 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94186 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/advisory/FG-IR-16-065 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:fortinet:fortiwlc:7.0-9-1:*:*:*:*:*:*:*", matchCriteriaId: "A842B7E0-7B16-4872-B18E-C05F30CD72CB", vulnerable: true, }, { criteria: "cpe:2.3:h:fortinet:fortiwlc:7.0-10-0:*:*:*:*:*:*:*", matchCriteriaId: "7EBCE7F9-9DA6-40BD-9266-FCF0846B6280", vulnerable: true, }, { criteria: "cpe:2.3:h:fortinet:fortiwlc:8.1-2-0:*:*:*:*:*:*:*", matchCriteriaId: "41B97F50-3CE8-48F8-B24A-4AA79C255C8F", vulnerable: true, }, { criteria: "cpe:2.3:h:fortinet:fortiwlc:8.1-3-2:*:*:*:*:*:*:*", matchCriteriaId: "4E60189C-EE4B-4910-BD58-35AB93482F0F", vulnerable: true, }, { criteria: "cpe:2.3:h:fortinet:fortiwlc:8.2-4-0:*:*:*:*:*:*:*", matchCriteriaId: "CA834964-1568-48B9-9828-32C6109597B1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.", }, { lang: "es", value: "La presencia de una cuenta embebida llamada 'core' en Fortinet FortiWLC permite a atacantes obtener acceso de lectura/escritura no autorizado a través de una shell remota.", }, ], id: "CVE-2016-8491", lastModified: "2024-11-21T02:59:28.640", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 9.4, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 9.2, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", 
integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-02-01T17:59:00.153", references: [ { source: "psirt@fortinet.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94186", }, { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/advisory/FG-IR-16-065", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94186", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/advisory/FG-IR-16-065", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://fortiguard.com/advisory/FG-IR-16-030 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/93282 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://fortiguard.com/advisory/FG-IR-16-030 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93282 | Third Party Advisory, VDB Entry |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", matchCriteriaId: "66B34DBA-D142-48C5-81BB-341EFCBA3002", versionEndIncluding: "6.1-2-29", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:7.0-9-1:*:*:*:*:*:*:*", matchCriteriaId: "FD17F5C3-C9C3-41C2-9F01-BF37D39FE424", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:7.0-10-0:*:*:*:*:*:*:*", matchCriteriaId: "077E32D0-4309-486F-8240-7E381F4A11D3", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.0-5-0:*:*:*:*:*:*:*", matchCriteriaId: "509453A9-97DC-48B0-A62F-9752CE5C6B76", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.1-2-0:*:*:*:*:*:*:*", matchCriteriaId: "8F3D7433-DE22-4406-848C-B16E6CE9BE03", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.2-4-0:*:*:*:*:*:*:*", matchCriteriaId: "5D237E43-F18A-4A4A-8938-D0DDF24AD681", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file.", }, { lang: "es", value: "Fortinet FortiWLC 6.1-2-29 y versiones anteriores, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0 y 8.2-4-0 permiten a administradores obtener credenciales sensibles de usuarios leyendo el archivo pam.log.", }, ], id: "CVE-2016-7561", lastModified: "2024-11-21T02:58:12.707", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", 
userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-10-05T16:59:08.900", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://fortiguard.com/advisory/FG-IR-16-030", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://fortiguard.com/advisory/FG-IR-16-030", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93282", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/advisory/FG-IR-20-016 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/advisory/FG-IR-20-016 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", matchCriteriaId: "6F3131A6-8236-4640-A21F-BF5DC6A8A733", versionEndIncluding: "8.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile.", }, { lang: "es", value: "Una vulnerabilidad de neutralización inapropiada de la entrada en FortiWLC versión 8.5.1, permite a un atacante autenticado remoto realizar un ataque de tipo cross site scripting (XSS) almacenado por medio del perfil ESS o el perfil Radius", }, ], id: "CVE-2020-9288", lastModified: "2024-11-21T05:40:21.787", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-22T16:15:12.120", references: [ { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: 
"https://fortiguard.com/advisory/FG-IR-20-016", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/advisory/FG-IR-20-016", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/advisory/FG-IR-21-200 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/advisory/FG-IR-21-200 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortiwlc | * | |
fortinet | fortiwlc | * | |
fortinet | fortiwlc | * | |
fortinet | fortiwlc | 8.0.5 | |
fortinet | fortiwlc | 8.0.6 | |
fortinet | fortiwlc | 8.1.2 | |
fortinet | fortiwlc | 8.1.3 | |
fortinet | fortiwlc | 8.4.0 | |
fortinet | fortiwlc | 8.4.1 | |
fortinet | fortiwlc | 8.4.2 | |
fortinet | fortiwlc | 8.4.4 | |
fortinet | fortiwlc | 8.4.5 | |
fortinet | fortiwlc | 8.4.6 | |
fortinet | fortiwlc | 8.4.7 | |
fortinet | fortiwlc | 8.4.8 | |
fortinet | fortiwlc | 8.6.0 | |
fortinet | fortiwlc | 8.6.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", matchCriteriaId: "25BFDC85-6897-4460-BFFA-509307495305", versionEndIncluding: "8.2.7", versionStartIncluding: "8.2.4", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", matchCriteriaId: "ACFFE94E-710C-4510-9324-CCD328C7FD09", versionEndIncluding: "8.3.3", versionStartIncluding: "8.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", matchCriteriaId: "1B888278-5CAD-448A-8AB4-6FFEFFDDE3B2", versionEndIncluding: "8.5.5", versionStartIncluding: "8.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0DBFF939-7478-4D55-9744-EB43D353C267", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "698FF05A-E710-4F99-93CF-70CB18662823", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.1.2:*:*:*:*:*:*:*", matchCriteriaId: "CD7504A8-52B6-4FFC-A460-1AA6740E271B", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.1.3:*:*:*:*:*:*:*", matchCriteriaId: "DF1BA3B5-77A3-452A-91CD-4B734C54AC48", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4668970E-2C9D-4658-A382-521B2462B747", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:*", matchCriteriaId: "1B8453C8-9F4D-4467-85AB-14CBD10A3004", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:*", matchCriteriaId: "537154BA-D93B-4DE3-8EC3-1EFA918200AB", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:*", matchCriteriaId: "73041763-E646-406A-898B-63983C2AEE87", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:*", matchCriteriaId: "4D5F5D42-A30F-435B-BFD5-282DD75E957C", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:*", matchCriteriaId: 
"8EB155DF-D4D5-4DD1-B978-1C612A182F5C", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:*", matchCriteriaId: "62DE43F8-E402-4AFD-8E01-C1FBBECA5034", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:*", matchCriteriaId: "59FF326F-1E0A-42FE-B0EC-709BE61AA815", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*", matchCriteriaId: "18D7B164-2D5E-427E-81F4-6BBDA51131DC", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:8.6.1:*:*:*:*:*:*:*", matchCriteriaId: "A6647661-B965-41B0-B67A-33F9C050843B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions.", }, { lang: "es", value: "Una vulnerabilidad de control de acceso inapropiado [CWE-284] en FortiWLC versiones 8.6.1 y posteriores, puede permitir a un atacante autenticado y remoto con bajos privilegios ejecutar cualquier comando como usuario administrador con plenos derechos de acceso por medio de omitir las restricciones de la Interfaz Gráfica de Usuario", }, ], id: "CVE-2021-42758", lastModified: "2024-11-21T06:28:06.793", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", 
attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-08T11:15:11.887", references: [ { source: "psirt@fortinet.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://fortiguard.com/advisory/FG-IR-21-200", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://fortiguard.com/advisory/FG-IR-21-200", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | http://www.securityfocus.com/bid/101273 | Third Party Advisory, VDB Entry | |
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-17-119 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101273 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-17-119 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", matchCriteriaId: "32B5AEE4-D578-49CB-82B8-BB234EC09F82", versionEndIncluding: "6.1-5", versionStartIncluding: "6.1-2", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", matchCriteriaId: "C743E7EB-4C55-482D-B39A-51EF4E1AF19E", versionEndIncluding: "7.0-10", versionStartIncluding: "7.0-7", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", matchCriteriaId: "6413A393-8FFC-46BC-92F1-DEA776815122", versionEndIncluding: "8.2", versionStartIncluding: "8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", matchCriteriaId: "5210AB0C-6778-42D9-8353-ABD2E4C1C2AB", versionEndIncluding: "8.3.2", versionStartIncluding: "8.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests.", }, { lang: "es", value: "Una vulnerabilidad de inyección de comandos de sistema operativo en la interfaz de usuario web para la descarga de scripts en el punto de acceso al gestor de archivo ene Fortinet FortiWLC, desde la versión 6.1-2 hasta la 6.1-5, desde la 7.0-7 hasta la 7.0-10, la 8.0 hasta la 8.2 y la 8.3.0 hasta la 8.3.2 permite que un usuario administrador autenticado ejecute comandos arbitrarios de la consola del sistema mediante peticiones HTTP manipuladas.", }, ], id: "CVE-2017-7341", lastModified: "2024-11-21T03:31:39.327", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, 
confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-10-26T13:29:00.370", references: [ { source: "psirt@fortinet.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/101273", }, { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-17-119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/101273", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-17-119", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
var-202111-0307
Vulnerability from variot
An improper neutralization of special elements used in an SQL command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to disclose device, user and database information via crafted HTTP requests. Fortinet FortiWLM contains an SQL injection vulnerability; information may be obtained. Fortinet FortiWLC is a wireless LAN controller from Fortinet. The record below carries two CVSS v3.1 base scores for CVE-2021-36184, 6.5 from nvd@nist.gov and 8.8 from psirt@fortinet.com, so confirm which one a severity-based triage rule reads.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-0307", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortiwlm", scope: "gte", trust: 1, vendor: "fortinet", version: "8.2.2", }, { model: "fortiwlm", scope: "lte", trust: 1, vendor: "fortinet", version: "8.6.1", }, { model: "fortiwlm", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortiwlm", scope: "lte", 
trust: 0.8, vendor: "フォーティネット", version: "8.6.1 and earlier", }, { model: "fortiwlc", scope: "lte", trust: 0.6, vendor: "fortinet", version: "<=8.6.1", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-84256", }, { db: "JVNDB", id: "JVNDB-2021-014567", }, { db: "NVD", id: "CVE-2021-36184", }, ], }, cve: "CVE-2021-36184", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CVE-2021-36184", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.8, vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CNVD-2021-84256", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "VHN-398003", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 
0.1, vectorString: "AV:N/AC:L/AU:S/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2021-36184", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "psirt@fortinet.com", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2021-36184", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-36184", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-36184", trust: 1, value: "MEDIUM", }, { author: "psirt@fortinet.com", id: "CVE-2021-36184", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2021-36184", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-84256", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202111-336", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-398003", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-84256", }, { db: "VULHUB", id: "VHN-398003", }, { db: "JVNDB", id: "JVNDB-2021-014567", }, { db: "CNNVD", id: 
"CNNVD-202111-336", }, { db: "NVD", id: "CVE-2021-36184", }, { db: "NVD", id: "CVE-2021-36184", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests. Fortinet FortiWLM for, SQL There is an injection vulnerability.Information may be obtained. Fortinet FortiWLC is a wireless LAN controller from Fortinet", sources: [ { db: "NVD", id: "CVE-2021-36184", }, { db: "JVNDB", id: "JVNDB-2021-014567", }, { db: "CNVD", id: "CNVD-2021-84256", }, { db: "VULHUB", id: "VHN-398003", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-36184", trust: 3.9, }, { db: "JVNDB", id: "JVNDB-2021-014567", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202111-336", trust: 0.7, }, { db: "CNVD", id: "CNVD-2021-84256", trust: 0.6, }, { db: "CS-HELP", id: "SB2021120918", trust: 0.6, }, { db: "VULHUB", id: "VHN-398003", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-84256", }, { db: "VULHUB", id: "VHN-398003", }, { db: "JVNDB", id: "JVNDB-2021-014567", }, { db: "CNNVD", id: "CNNVD-202111-336", }, { db: "NVD", id: "CVE-2021-36184", }, ], }, id: "VAR-202111-0307", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-84256", }, { db: "VULHUB", id: "VHN-398003", }, ], trust: 1.1466260149999998, }, iot_taxonomy: { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-84256", }, ], }, last_update_date: "2024-08-14T14:31:31.576000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-21-107", trust: 0.8, url: "https://www.fortiguard.com/psirt/FG-IR-21-107", }, { title: "Patch for Fortinet FortiWLM SQL injection vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/296831", }, { title: "Fortinet FortiWLC SQL Repair measures for injecting vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=169637", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-84256", }, { db: "JVNDB", id: "JVNDB-2021-014567", }, { db: "CNNVD", id: "CNNVD-202111-336", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-89", trust: 1.1, }, { problemtype: "SQL injection (CWE-89) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-398003", }, { db: "JVNDB", id: "JVNDB-2021-014567", }, { db: "NVD", id: "CVE-2021-36184", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-36184", }, { trust: 1.7, url: "https://fortiguard.com/advisory/fg-ir-21-107", }, { trust: 
0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021120918", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-84256", }, { db: "VULHUB", id: "VHN-398003", }, { db: "JVNDB", id: "JVNDB-2021-014567", }, { db: "CNNVD", id: "CNNVD-202111-336", }, { db: "NVD", id: "CVE-2021-36184", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-84256", }, { db: "VULHUB", id: "VHN-398003", }, { db: "JVNDB", id: "JVNDB-2021-014567", }, { db: "CNNVD", id: "CNNVD-202111-336", }, { db: "NVD", id: "CVE-2021-36184", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-11-05T00:00:00", db: "CNVD", id: "CNVD-2021-84256", }, { date: "2021-11-02T00:00:00", db: "VULHUB", id: "VHN-398003", }, { date: "2022-10-20T00:00:00", db: "JVNDB", id: "JVNDB-2021-014567", }, { date: "2021-11-02T00:00:00", db: "CNNVD", id: "CNNVD-202111-336", }, { date: "2021-11-02T19:15:07.873000", db: "NVD", id: "CVE-2021-36184", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-11-05T00:00:00", db: "CNVD", id: "CNVD-2021-84256", }, { date: "2021-11-04T00:00:00", db: "VULHUB", id: "VHN-398003", }, { date: "2022-10-20T07:50:00", db: "JVNDB", id: "JVNDB-2021-014567", }, { date: "2021-12-13T00:00:00", db: "CNNVD", id: "CNNVD-202111-336", }, { date: "2021-11-04T14:36:17.723000", db: "NVD", id: "CVE-2021-36184", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202111-336", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Fortinet FortiWLM In SQL Injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2021-014567", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SQL injection", sources: [ { db: "CNNVD", id: "CNNVD-202111-336", }, ], trust: 0.6, }, }
var-202111-0313
Vulnerability from variot
An improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. Fortinet FortiWLM contains an OS command injection vulnerability; information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiWLC is a wireless LAN controller from Fortinet. The description names FortiWLM, while the record's affected_products list also carries a lower-trust (0.6) fortiwlc entry for versions <=8.6.1, so check both products when matching inventory.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-0313", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortiwlm", scope: "gte", trust: 1, vendor: "fortinet", version: "8.2.2", }, { model: "fortiwlm", scope: "lte", trust: 1, vendor: "fortinet", version: "8.6.1", }, { model: "fortiwlm", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortiwlm", scope: "lte", 
trust: 0.8, vendor: "フォーティネット", version: "8.6.1 and earlier", }, { model: "fortiwlc", scope: "lte", trust: 0.6, vendor: "fortinet", version: "<=8.6.1", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-84257", }, { db: "JVNDB", id: "JVNDB-2021-014535", }, { db: "NVD", id: "CVE-2021-36185", }, ], }, cve: "CVE-2021-36185", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CVE-2021-36185", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.9, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CNVD-2021-84257", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "VHN-398004", impactScore: 6.4, integrityImpact: "PARTIAL", 
severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2021-36185", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "OTHER", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2021-014535", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-36185", trust: 1, value: "HIGH", }, { author: "psirt@fortinet.com", id: "CVE-2021-36185", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2021-36185", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2021-84257", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202111-335", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-398004", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2021-36185", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-84257", }, { db: "VULHUB", id: "VHN-398004", }, { db: "VULMON", id: "CVE-2021-36185", }, { db: "JVNDB", id: "JVNDB-2021-014535", }, { db: "CNNVD", id: "CNNVD-202111-335", }, { db: "NVD", id: "CVE-2021-36185", }, { db: "NVD", id: "CVE-2021-36185", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A 
improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. Fortinet FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiWLC is a wireless LAN controller from Fortinet", sources: [ { db: "NVD", id: "CVE-2021-36185", }, { db: "JVNDB", id: "JVNDB-2021-014535", }, { db: "CNVD", id: "CNVD-2021-84257", }, { db: "VULHUB", id: "VHN-398004", }, { db: "VULMON", id: "CVE-2021-36185", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-36185", trust: 4, }, { db: "JVNDB", id: "JVNDB-2021-014535", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202111-335", trust: 0.7, }, { db: "CNVD", id: "CNVD-2021-84257", trust: 0.6, }, { db: "CS-HELP", id: "SB2021120918", trust: 0.6, }, { db: "VULHUB", id: "VHN-398004", trust: 0.1, }, { db: "VULMON", id: "CVE-2021-36185", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-84257", }, { db: "VULHUB", id: "VHN-398004", }, { db: "VULMON", id: "CVE-2021-36185", }, { db: "JVNDB", id: "JVNDB-2021-014535", }, { db: "CNNVD", id: "CNNVD-202111-335", }, { db: "NVD", id: "CVE-2021-36185", }, ], }, id: "VAR-202111-0313", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-84257", }, { db: "VULHUB", id: "VHN-398004", }, ], trust: 1.1466260149999998, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": 
"@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-84257", }, ], }, last_update_date: "2024-08-14T14:31:31.608000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-21-110", trust: 0.8, url: "https://www.fortiguard.com/psirt/FG-IR-21-110", }, { title: "Patch for Fortinet FortiWLM has unspecified vulnerabilities", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/296836", }, { title: "Fortinet FortiWLC Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=169477", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-84257", }, { db: "JVNDB", id: "JVNDB-2021-014535", }, { db: "CNNVD", id: "CNNVD-202111-335", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1.1, }, { problemtype: "OS Command injection (CWE-78) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-398004", }, { db: "JVNDB", id: "JVNDB-2021-014535", }, { db: "NVD", id: "CVE-2021-36185", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-36185", }, { trust: 1.8, url: "https://fortiguard.com/advisory/fg-ir-21-110", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021120918", }, { 
trust: 0.1, url: "https://cwe.mitre.org/data/definitions/78.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-84257", }, { db: "VULHUB", id: "VHN-398004", }, { db: "VULMON", id: "CVE-2021-36185", }, { db: "JVNDB", id: "JVNDB-2021-014535", }, { db: "CNNVD", id: "CNNVD-202111-335", }, { db: "NVD", id: "CVE-2021-36185", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-84257", }, { db: "VULHUB", id: "VHN-398004", }, { db: "VULMON", id: "CVE-2021-36185", }, { db: "JVNDB", id: "JVNDB-2021-014535", }, { db: "CNNVD", id: "CNNVD-202111-335", }, { db: "NVD", id: "CVE-2021-36185", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-11-05T00:00:00", db: "CNVD", id: "CNVD-2021-84257", }, { date: "2021-11-02T00:00:00", db: "VULHUB", id: "VHN-398004", }, { date: "2021-11-02T00:00:00", db: "VULMON", id: "CVE-2021-36185", }, { date: "2022-10-20T00:00:00", db: "JVNDB", id: "JVNDB-2021-014535", }, { date: "2021-11-02T00:00:00", db: "CNNVD", id: "CNNVD-202111-335", }, { date: "2021-11-02T19:15:07.920000", db: "NVD", id: "CVE-2021-36185", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-11-05T00:00:00", db: "CNVD", id: "CNVD-2021-84257", }, { date: "2021-11-04T00:00:00", db: "VULHUB", id: "VHN-398004", }, { date: "2021-11-04T00:00:00", db: "VULMON", id: "CVE-2021-36185", }, { date: "2022-10-20T04:37:00", db: "JVNDB", id: "JVNDB-2021-014535", }, { date: "2021-12-13T00:00:00", db: "CNNVD", id: "CNNVD-202111-335", }, { date: "2021-11-04T13:58:34.310000", db: "NVD", id: "CVE-2021-36185", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202111-335", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Fortinet FortiWLM In OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2021-014535", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202111-335", }, ], trust: 0.6, }, }
var-201805-0224
Vulnerability from variot
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell. Fortinet FortiWLC contains a vulnerability in the use of hard-coded credentials (CWE-798). Information may be obtained or altered, and service operation may be disrupted (DoS). FortiWLC is a wireless controller from Fortinet. There is a hard-coded account vulnerability in Fortinet FortiWLC versions 7.0.11 and earlier. Fortinet FortiWLC is prone to multiple information-disclosure vulnerabilities. Information obtained may aid in further attacks. The vendor advisory FG-IR-17-274, listed under "patch" in the record below, is the remediation reference.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0224", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortiwlc", scope: "lte", trust: 1, vendor: "fortinet", version: "7.0.11", }, { model: "fortiwlc", scope: "gte", trust: 1, vendor: "fortinet", version: "8.0", }, { model: "fortiwlc", scope: "lte", trust: 1, vendor: "fortinet", version: "8.3.3", }, { model: "fortiwlc", scope: "gte", 
trust: 1, vendor: "fortinet", version: "7.0", }, { model: "fortiwlc", scope: null, trust: 0.8, vendor: "fortinet", version: null, }, { model: "fortiwlc", scope: "lte", trust: 0.6, vendor: "fortinet", version: "<=7.0.11", }, { model: "fortiwlc", scope: "eq", trust: 0.3, vendor: "fortinet", version: "8.3.3", }, { model: "fortiwlc", scope: "eq", trust: 0.3, vendor: "fortinet", version: "8.3.2", }, { model: "fortiwlc", scope: "eq", trust: 0.3, vendor: "fortinet", version: "8.3", }, { model: "fortiwlc", scope: "eq", trust: 0.3, vendor: "fortinet", version: "7.0.11", }, { model: "fortiwlc", scope: "eq", trust: 0.3, vendor: "fortinet", version: "7.0-9-1", }, { model: "fortiwlc", scope: "eq", trust: 0.3, vendor: "fortinet", version: "7.0-9", }, { model: "fortiwlc", scope: "eq", trust: 0.3, vendor: "fortinet", version: "7.0-8", }, { model: "fortiwlc", scope: "eq", trust: 0.3, vendor: "fortinet", version: "7.0-7", }, { model: "fortiwlc", scope: "eq", trust: 0.3, vendor: "fortinet", version: "7.0-10-0", }, { model: "fortiwlc", scope: "eq", trust: 0.3, vendor: "fortinet", version: "7.0-10", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-10699", }, { db: "BID", id: "104119", }, { db: "JVNDB", id: "JVNDB-2017-013365", }, { db: "NVD", id: "CVE-2017-17539", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:fortinet:fortiwlc", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-013365", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "University of Toronto", sources: [ { db: "BID", id: "104119", }, ], trust: 0.3, }, cve: 
"CVE-2017-17539", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2017-17539", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 7.8, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2018-10699", impactScore: 6.9, integrityImpact: "NONE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "VHN-108571", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: 
"CVE-2017-17539", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-17539", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2017-17539", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2018-10699", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201712-460", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-108571", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2017-17539", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2018-10699", }, { db: "VULHUB", id: "VHN-108571", }, { db: "VULMON", id: "CVE-2017-17539", }, { db: "JVNDB", id: "JVNDB-2017-013365", }, { db: "CNNVD", id: "CNNVD-201712-460", }, { db: "NVD", id: "CVE-2017-17539", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell. Fortinet FortiWLC Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FortiWLC is a wireless controller from Fortinet. There is a hard-coded account vulnerability in FortinetFortiWLC versions 7.0.11 and earlier. Fortinet FortiWLC is prone to multiple information-disclosure vulnerabilities. 
Information obtained may aid in further attacks", sources: [ { db: "NVD", id: "CVE-2017-17539", }, { db: "JVNDB", id: "JVNDB-2017-013365", }, { db: "CNVD", id: "CNVD-2018-10699", }, { db: "BID", id: "104119", }, { db: "VULHUB", id: "VHN-108571", }, { db: "VULMON", id: "CVE-2017-17539", }, ], trust: 2.61, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-17539", trust: 3.5, }, { db: "BID", id: "104119", trust: 1.5, }, { db: "JVNDB", id: "JVNDB-2017-013365", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201712-460", trust: 0.7, }, { db: "CNVD", id: "CNVD-2018-10699", trust: 0.6, }, { db: "VULHUB", id: "VHN-108571", trust: 0.1, }, { db: "VULMON", id: "CVE-2017-17539", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-10699", }, { db: "VULHUB", id: "VHN-108571", }, { db: "VULMON", id: "CVE-2017-17539", }, { db: "BID", id: "104119", }, { db: "JVNDB", id: "JVNDB-2017-013365", }, { db: "CNNVD", id: "CNNVD-201712-460", }, { db: "NVD", id: "CVE-2017-17539", }, ], }, id: "VAR-201805-0224", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2018-10699", }, { db: "VULHUB", id: "VHN-108571", }, ], trust: 1.2896806, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-10699", }, ], }, last_update_date: "2024-11-23T22:41:51.557000Z", patch: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-17-274", trust: 0.8, url: "https://fortiguard.com/psirt/FG-IR-17-274", }, { title: "Patch for FortinetFortiWLC Hardcoded Account Vulnerability (CNVD-2018-10699)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/130775", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-10699", }, { db: "JVNDB", id: "JVNDB-2017-013365", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-798", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-108571", }, { db: "JVNDB", id: "JVNDB-2017-013365", }, { db: "NVD", id: "CVE-2017-17539", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://fortiguard.com/advisory/fg-ir-17-274", }, { trust: 1.3, url: "http://www.securityfocus.com/bid/104119", }, { trust: 0.9, url: "https://fortiguard.com/psirt/fg-ir-17-274", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17539", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2017-17539", }, { trust: 0.3, url: "http://www.fortinet.com/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/798.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-10699", }, { db: "VULHUB", id: "VHN-108571", }, { db: "VULMON", id: "CVE-2017-17539", }, { db: "BID", id: "104119", }, { db: "JVNDB", id: "JVNDB-2017-013365", }, { db: "CNNVD", id: "CNNVD-201712-460", }, { db: "NVD", id: "CVE-2017-17539", }, ], }, sources: { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2018-10699", }, { db: "VULHUB", id: "VHN-108571", }, { db: "VULMON", id: "CVE-2017-17539", }, { db: "BID", id: "104119", }, { db: "JVNDB", id: "JVNDB-2017-013365", }, { db: "CNNVD", id: "CNNVD-201712-460", }, { db: "NVD", id: "CVE-2017-17539", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-05-31T00:00:00", db: "CNVD", id: "CNVD-2018-10699", }, { date: "2018-05-08T00:00:00", db: "VULHUB", id: "VHN-108571", }, { date: "2018-05-08T00:00:00", db: "VULMON", id: "CVE-2017-17539", }, { date: "2018-05-09T00:00:00", db: "BID", id: "104119", }, { date: "2018-06-27T00:00:00", db: "JVNDB", id: "JVNDB-2017-013365", }, { date: "2017-12-12T00:00:00", db: "CNNVD", id: "CNNVD-201712-460", }, { date: "2018-05-08T04:29:00.207000", db: "NVD", id: "CVE-2017-17539", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-05-31T00:00:00", db: "CNVD", id: "CNVD-2018-10699", }, { date: "2018-06-12T00:00:00", db: "VULHUB", id: "VHN-108571", }, { date: "2018-06-12T00:00:00", db: "VULMON", id: "CVE-2017-17539", }, { date: "2018-05-09T00:00:00", db: "BID", id: "104119", }, { date: "2018-06-27T00:00:00", db: "JVNDB", id: "JVNDB-2017-013365", }, { date: "2018-05-09T00:00:00", db: "CNNVD", id: "CNNVD-201712-460", }, { date: "2024-11-21T03:18:07.860000", db: "NVD", id: "CVE-2017-17539", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201712-460", }, ], trust: 0.6, }, title: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Fortinet FortiWLC Vulnerabilities related to the use of hard-coded credentials", sources: [ { db: "JVNDB", id: "JVNDB-2017-013365", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "lack of information", sources: [ { db: "CNNVD", id: "CNNVD-201712-460", }, ], trust: 0.6, }, }
var-201805-0225
Vulnerability from variot
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell. Fortinet FortiWLC contains a vulnerability in the use of hard-coded credentials (CWE-798). Information may be obtained or altered, and service operation may be disrupted (DoS). FortiWLC is a wireless controller from Fortinet. There is a hard-coded account vulnerability in Fortinet FortiWLC 8.3.3. Fortinet FortiWLC is prone to multiple information-disclosure vulnerabilities. Information obtained may aid in further attacks. The vendor advisory FG-IR-17-274, listed under "patch" in the record below, is the remediation reference.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0225", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortiwlc", scope: "lte", trust: 1, vendor: "fortinet", version: "7.0.11", }, { model: "fortiwlc", scope: "gte", trust: 1, vendor: "fortinet", version: "8.0", }, { model: "fortiwlc", scope: "lte", trust: 1, vendor: "fortinet", version: "8.3.3", }, { model: "fortiwlc", scope: "gte", 
trust: 1, vendor: "fortinet", version: "7.0", }, { model: "fortiwlc", scope: "eq", trust: 0.9, vendor: "fortinet", version: "8.3.3", }, { model: "fortiwlc", scope: null, trust: 0.8, vendor: "fortinet", version: null, }, { model: "fortiwlc", scope: "eq", trust: 0.3, vendor: "fortinet", version: "8.3.2", }, { model: "fortiwlc", scope: "eq", trust: 0.3, vendor: "fortinet", version: "8.3", }, { model: "fortiwlc", scope: "eq", trust: 0.3, vendor: "fortinet", version: "7.0.11", }, { model: "fortiwlc", scope: "eq", trust: 0.3, vendor: "fortinet", version: "7.0-9-1", }, { model: "fortiwlc", scope: "eq", trust: 0.3, vendor: "fortinet", version: "7.0-9", }, { model: "fortiwlc", scope: "eq", trust: 0.3, vendor: "fortinet", version: "7.0-8", }, { model: "fortiwlc", scope: "eq", trust: 0.3, vendor: "fortinet", version: "7.0-7", }, { model: "fortiwlc", scope: "eq", trust: 0.3, vendor: "fortinet", version: "7.0-10-0", }, { model: "fortiwlc", scope: "eq", trust: 0.3, vendor: "fortinet", version: "7.0-10", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-10700", }, { db: "BID", id: "104119", }, { db: "JVNDB", id: "JVNDB-2017-013366", }, { db: "NVD", id: "CVE-2017-17540", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:fortinet:fortiwlc", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-013366", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "University of Toronto", sources: [ { db: "BID", id: "104119", }, ], trust: 0.3, }, cve: "CVE-2017-17540", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2017-17540", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 7.8, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2018-10700", impactScore: 6.9, integrityImpact: "NONE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "VHN-108573", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2017-17540", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", 
scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-17540", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2017-17540", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2018-10700", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201712-459", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-108573", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2017-17540", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2018-10700", }, { db: "VULHUB", id: "VHN-108573", }, { db: "VULMON", id: "CVE-2017-17540", }, { db: "JVNDB", id: "JVNDB-2017-013366", }, { db: "CNNVD", id: "CNNVD-201712-459", }, { db: "NVD", id: "CVE-2017-17540", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell. Fortinet FortiWLC Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FortiWLC is a wireless controller from Fortinet. There is a hard-coded account vulnerability in FortinetFortiWLC8.3.3. Fortinet FortiWLC is prone to multiple information-disclosure vulnerabilities. 
Information obtained may aid in further attacks", sources: [ { db: "NVD", id: "CVE-2017-17540", }, { db: "JVNDB", id: "JVNDB-2017-013366", }, { db: "CNVD", id: "CNVD-2018-10700", }, { db: "BID", id: "104119", }, { db: "VULHUB", id: "VHN-108573", }, { db: "VULMON", id: "CVE-2017-17540", }, ], trust: 2.61, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-17540", trust: 3.5, }, { db: "BID", id: "104119", trust: 1.5, }, { db: "JVNDB", id: "JVNDB-2017-013366", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201712-459", trust: 0.7, }, { db: "CNVD", id: "CNVD-2018-10700", trust: 0.6, }, { db: "VULHUB", id: "VHN-108573", trust: 0.1, }, { db: "VULMON", id: "CVE-2017-17540", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-10700", }, { db: "VULHUB", id: "VHN-108573", }, { db: "VULMON", id: "CVE-2017-17540", }, { db: "BID", id: "104119", }, { db: "JVNDB", id: "JVNDB-2017-013366", }, { db: "CNNVD", id: "CNNVD-201712-459", }, { db: "NVD", id: "CVE-2017-17540", }, ], }, id: "VAR-201805-0225", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2018-10700", }, { db: "VULHUB", id: "VHN-108573", }, ], trust: 1.2896806, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-10700", }, ], }, last_update_date: "2024-11-23T22:41:51.521000Z", patch: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-17-274", trust: 0.8, url: "https://fortiguard.com/psirt/FG-IR-17-274", }, { title: "FortinetFortiWLC Hardcoded Account Vulnerability Patch", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/130773", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-10700", }, { db: "JVNDB", id: "JVNDB-2017-013366", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-798", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-108573", }, { db: "JVNDB", id: "JVNDB-2017-013366", }, { db: "NVD", id: "CVE-2017-17540", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://fortiguard.com/advisory/fg-ir-17-274", }, { trust: 1.3, url: "http://www.securityfocus.com/bid/104119", }, { trust: 0.9, url: "https://fortiguard.com/psirt/fg-ir-17-274", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17540", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2017-17540", }, { trust: 0.3, url: "http://www.fortinet.com/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/798.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-10700", }, { db: "VULHUB", id: "VHN-108573", }, { db: "VULMON", id: "CVE-2017-17540", }, { db: "BID", id: "104119", }, { db: "JVNDB", id: "JVNDB-2017-013366", }, { db: "CNNVD", id: "CNNVD-201712-459", }, { db: "NVD", id: "CVE-2017-17540", }, ], }, sources: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2018-10700", }, { db: "VULHUB", id: "VHN-108573", }, { db: "VULMON", id: "CVE-2017-17540", }, { db: "BID", id: "104119", }, { db: "JVNDB", id: "JVNDB-2017-013366", }, { db: "CNNVD", id: "CNNVD-201712-459", }, { db: "NVD", id: "CVE-2017-17540", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-05-31T00:00:00", db: "CNVD", id: "CNVD-2018-10700", }, { date: "2018-05-08T00:00:00", db: "VULHUB", id: "VHN-108573", }, { date: "2018-05-08T00:00:00", db: "VULMON", id: "CVE-2017-17540", }, { date: "2018-05-09T00:00:00", db: "BID", id: "104119", }, { date: "2018-06-27T00:00:00", db: "JVNDB", id: "JVNDB-2017-013366", }, { date: "2017-12-12T00:00:00", db: "CNNVD", id: "CNNVD-201712-459", }, { date: "2018-05-08T04:29:00.380000", db: "NVD", id: "CVE-2017-17540", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-05-31T00:00:00", db: "CNVD", id: "CNVD-2018-10700", }, { date: "2018-06-12T00:00:00", db: "VULHUB", id: "VHN-108573", }, { date: "2018-06-12T00:00:00", db: "VULMON", id: "CVE-2017-17540", }, { date: "2018-05-09T00:00:00", db: "BID", id: "104119", }, { date: "2018-06-27T00:00:00", db: "JVNDB", id: "JVNDB-2017-013366", }, { date: "2018-05-09T00:00:00", db: "CNNVD", id: "CNNVD-201712-459", }, { date: "2024-11-21T03:18:07.983000", db: "NVD", id: "CVE-2017-17540", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201712-459", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Fortinet FortiWLC Vulnerabilities related to the use of hard-coded credentials", sources: [ { db: "JVNDB", id: "JVNDB-2017-013366", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "lack of information", sources: [ { db: "CNNVD", id: "CNNVD-201712-459", }, ], trust: 0.6, }, }
var-201610-0366
Vulnerability from variot
Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file. Fortinet FortiWLC is a wireless controller from Fortinet. Fortinet FortiWLC contains a security vulnerability. FortiWLC is prone to a local information-disclosure vulnerability. The following versions are affected: FortiWLC 6.1-2-29 and prior versions; FortiWLC 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0. Note that the sources aggregated in the record below disagree on the attack vector: the NVD CVSS v2 vector is network with single authentication (AV:N/AC:L/Au:S), while the CNVD vector is local (AV:L/AC:L/Au:N).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0366", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortiwlc", scope: "eq", trust: 3.3, vendor: "fortinet", version: "8.2-4-0", }, { model: "fortiwlc", scope: "eq", trust: 3.3, vendor: "fortinet", version: "8.1-2-0", }, { model: "fortiwlc", scope: "eq", trust: 3.3, vendor: "fortinet", version: "8.0-5-0", }, { model: "fortiwlc", 
scope: "eq", trust: 3.3, vendor: "fortinet", version: "7.0-9-1", }, { model: "fortiwlc", scope: "eq", trust: 3.3, vendor: "fortinet", version: "7.0-10-0", }, { model: "fortiwlc", scope: "lte", trust: 1.8, vendor: "fortinet", version: "6.1-2-29", }, { model: "fortiwlc", scope: "eq", trust: 1.5, vendor: "fortinet", version: "6.1-2-29", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-08623", }, { db: "BID", id: "93282", }, { db: "JVNDB", id: "JVNDB-2016-005174", }, { db: "CNNVD", id: "CNNVD-201610-118", }, { db: "NVD", id: "CVE-2016-7561", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:fortinet:fortiwlc", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-005174", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "University of Toronto", sources: [ { db: "CNNVD", id: "CNNVD-201610-118", }, ], trust: 0.6, }, cve: "CVE-2016-7561", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { 
accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CVE-2016-7561", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.8, vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CNVD-2016-08623", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "VHN-96381", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:S/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.2, id: "CVE-2016-7561", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-7561", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2016-7561", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2016-08623", trust: 0.6, value: "LOW", }, { author: "CNNVD", id: "CNNVD-201610-118", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-96381", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2016-08623", }, { db: "VULHUB", id: "VHN-96381", }, { db: "JVNDB", id: 
"JVNDB-2016-005174", }, { db: "CNNVD", id: "CNNVD-201610-118", }, { db: "NVD", id: "CVE-2016-7561", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file. FortinetFortiWLC is a wireless controller from Fortinet. There is a security hole in FortinetFortiWLC. FortiWLC is prone to a local information-disclosure vulnerability. \nThe following versions are affected:\nFortiWLC 6.1-2-29 and prior versions\nFortiWLC 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0", sources: [ { db: "NVD", id: "CVE-2016-7561", }, { db: "JVNDB", id: "JVNDB-2016-005174", }, { db: "CNVD", id: "CNVD-2016-08623", }, { db: "BID", id: "93282", }, { db: "VULHUB", id: "VHN-96381", }, ], trust: 2.52, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-7561", trust: 3.4, }, { db: "BID", id: "93282", trust: 2, }, { db: "AUSCERT", id: "ESB-2016.2303", trust: 1.2, }, { db: "JVNDB", id: "JVNDB-2016-005174", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201610-118", trust: 0.7, }, { db: "CNVD", id: "CNVD-2016-08623", trust: 0.6, }, { db: "VULHUB", id: "VHN-96381", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2016-08623", }, { db: "VULHUB", id: "VHN-96381", }, { db: "BID", id: "93282", }, { db: "JVNDB", id: "JVNDB-2016-005174", }, { db: "CNNVD", id: "CNNVD-201610-118", }, { db: "NVD", id: "CVE-2016-7561", }, ], }, id: "VAR-201610-0366", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2016-08623", }, { db: "VULHUB", id: "VHN-96381", }, ], trust: 1.2896806, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2016-08623", }, ], }, last_update_date: "2024-11-23T22:42:19.903000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FortiWLC PAM.log authenticated user information exposure", trust: 0.8, url: "http://fortiguard.com/advisory/FG-IR-16-030", }, { title: "FortinetFortiWLC Information Disclosure Vulnerability Patch", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/82170", }, { title: "Fortinet FortiWLC Repair measures for information disclosure vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64543", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-08623", }, { db: "JVNDB", id: "JVNDB-2016-005174", }, { db: "CNNVD", id: "CNNVD-201610-118", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-200", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-96381", }, { db: "JVNDB", id: "JVNDB-2016-005174", }, { db: "NVD", id: "CVE-2016-7561", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", 
}, }, }, data: [ { trust: 2, url: "http://fortiguard.com/advisory/fg-ir-16-030", }, { trust: 1.2, url: "http://www.auscert.org.au/./render.html?it=39190", }, { trust: 1.1, url: "http://www.securityfocus.com/bid/93282", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7561", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7561", }, { trust: 0.3, url: "http://www.fortinet.com/", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-08623", }, { db: "VULHUB", id: "VHN-96381", }, { db: "BID", id: "93282", }, { db: "JVNDB", id: "JVNDB-2016-005174", }, { db: "CNNVD", id: "CNNVD-201610-118", }, { db: "NVD", id: "CVE-2016-7561", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2016-08623", }, { db: "VULHUB", id: "VHN-96381", }, { db: "BID", id: "93282", }, { db: "JVNDB", id: "JVNDB-2016-005174", }, { db: "CNNVD", id: "CNNVD-201610-118", }, { db: "NVD", id: "CVE-2016-7561", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-10-11T00:00:00", db: "CNVD", id: "CNVD-2016-08623", }, { date: "2016-10-05T00:00:00", db: "VULHUB", id: "VHN-96381", }, { date: "2016-09-30T00:00:00", db: "BID", id: "93282", }, { date: "2016-10-13T00:00:00", db: "JVNDB", id: "JVNDB-2016-005174", }, { date: "2016-09-30T00:00:00", db: "CNNVD", id: "CNNVD-201610-118", }, { date: "2016-10-05T16:59:08.900000", db: "NVD", id: "CVE-2016-7561", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-10-11T00:00:00", db: "CNVD", id: "CNVD-2016-08623", }, { date: "2016-12-02T00:00:00", db: "VULHUB", id: "VHN-96381", }, { date: "2016-10-10T00:01:00", db: "BID", id: "93282", }, { date: "2016-10-13T00:00:00", db: "JVNDB", id: 
"JVNDB-2016-005174", }, { date: "2016-10-11T00:00:00", db: "CNNVD", id: "CNNVD-201610-118", }, { date: "2024-11-21T02:58:12.707000", db: "NVD", id: "CVE-2016-7561", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201610-118", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Fortinet FortiWLC Information Disclosure Vulnerability", sources: [ { db: "CNVD", id: "CNVD-2016-08623", }, { db: "CNNVD", id: "CNNVD-201610-118", }, ], trust: 1.2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-201610-118", }, ], trust: 0.6, }, }
var-201702-0116
Vulnerability from variot
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. Fortinet FortiWLC is a wireless controller from Fortinet. Because of the hard-coded account, Fortinet FortiWLC has a security-bypass vulnerability that an attacker can use to gain access to sensitive information. FortiWLC is prone to a security-bypass vulnerability.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0116", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortiwlc", scope: "eq", trust: 2.5, vendor: "fortinet", version: "8.2-4-0", }, { model: "fortiwlc", scope: "eq", trust: 2.5, vendor: "fortinet", version: "8.1-2-0", }, { model: "fortiwlc", scope: "eq", trust: 2.5, vendor: "fortinet", version: "7.0-9-1", }, { model: "fortiwlc", 
scope: "eq", trust: 2.5, vendor: "fortinet", version: "7.0-10-0", }, { model: "fortiwlc", scope: "eq", trust: 2.5, vendor: "fortinet", version: "8.1-3-2", }, { model: "fortiwlc", scope: null, trust: 0.8, vendor: "fortinet", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2016-11177", }, { db: "BID", id: "94186", }, { db: "JVNDB", id: "JVNDB-2016-007731", }, { db: "CNNVD", id: "CNNVD-201611-346", }, { db: "NVD", id: "CVE-2016-8491", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:fortinet:fortiwlc", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-007731", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "University of Toronto.", sources: [ { db: "BID", id: "94186", }, { db: "CNNVD", id: "CNNVD-201611-346", }, ], trust: 0.9, }, cve: "CVE-2016-8491", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", 
author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 9.4, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2016-8491", impactScore: 9.2, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.8, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2016-11177", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 9.4, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "VHN-97311", impactScore: 9.2, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:C/I:C/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2016-8491", impactScore: 5.2, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-8491", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2016-8491", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2016-11177", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201611-346", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-97311", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2016-11177", }, { db: "VULHUB", id: "VHN-97311", }, { db: "JVNDB", id: "JVNDB-2016-007731", }, { db: "CNNVD", id: 
"CNNVD-201611-346", }, { db: "NVD", id: "CVE-2016-8491", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. FortinetFortiWLC is a wireless controller from Fortinet. FortinetFortiWLC hard-coded has a security bypass vulnerability that an attacker can use to gain access to sensitive information. FortiWLC is prone to a security-bypass vulnerability", sources: [ { db: "NVD", id: "CVE-2016-8491", }, { db: "JVNDB", id: "JVNDB-2016-007731", }, { db: "CNVD", id: "CNVD-2016-11177", }, { db: "BID", id: "94186", }, { db: "VULHUB", id: "VHN-97311", }, ], trust: 2.52, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-8491", trust: 3.4, }, { db: "BID", id: "94186", trust: 2.6, }, { db: "JVNDB", id: "JVNDB-2016-007731", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201611-346", trust: 0.7, }, { db: "CNVD", id: "CNVD-2016-11177", trust: 0.6, }, { db: "VULHUB", id: "VHN-97311", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2016-11177", }, { db: "VULHUB", id: "VHN-97311", }, { db: "BID", id: "94186", }, { db: "JVNDB", id: "JVNDB-2016-007731", }, { db: "CNNVD", id: "CNNVD-201611-346", }, { db: "NVD", id: "CVE-2016-8491", }, ], }, id: "VAR-201702-0116", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2016-11177", }, { db: "VULHUB", id: "VHN-97311", }, ], trust: 1.2896806, }, iot_taxonomy: { "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2016-11177", }, ], }, last_update_date: "2024-11-23T22:22:37.471000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FortiWLC Undocumented Hardcoded core Account", trust: 0.8, url: "https://fortiguard.com/advisory/FG-IR-16-065", }, { title: "FortinetFortiWLC hardcoded security bypass vulnerability patch", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/83992", }, { title: "Fortinet FortiWLC Repair measures for security bypass vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65710", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-11177", }, { db: "JVNDB", id: "JVNDB-2016-007731", }, { db: "CNNVD", id: "CNNVD-201611-346", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-798", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-97311", }, { db: "JVNDB", id: "JVNDB-2016-007731", }, { db: "NVD", id: "CVE-2016-8491", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.3, url: "http://www.securityfocus.com/bid/94186", }, { trust: 1.7, url: "https://fortiguard.com/advisory/fg-ir-16-065", }, { trust: 0.8, url: 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8491", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8491", }, { trust: 0.3, url: "http://www.fortinet.com/", }, { trust: 0.3, url: "http://fortiguard.com/advisory/fortiwlc-undocumented-hardcoded-core-account", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-11177", }, { db: "VULHUB", id: "VHN-97311", }, { db: "BID", id: "94186", }, { db: "JVNDB", id: "JVNDB-2016-007731", }, { db: "CNNVD", id: "CNNVD-201611-346", }, { db: "NVD", id: "CVE-2016-8491", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2016-11177", }, { db: "VULHUB", id: "VHN-97311", }, { db: "BID", id: "94186", }, { db: "JVNDB", id: "JVNDB-2016-007731", }, { db: "CNNVD", id: "CNNVD-201611-346", }, { db: "NVD", id: "CVE-2016-8491", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-11-16T00:00:00", db: "CNVD", id: "CNVD-2016-11177", }, { date: "2017-02-01T00:00:00", db: "VULHUB", id: "VHN-97311", }, { date: "2016-11-09T00:00:00", db: "BID", id: "94186", }, { date: "2017-03-14T00:00:00", db: "JVNDB", id: "JVNDB-2016-007731", }, { date: "2016-11-17T00:00:00", db: "CNNVD", id: "CNNVD-201611-346", }, { date: "2017-02-01T17:59:00.153000", db: "NVD", id: "CVE-2016-8491", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-11-16T00:00:00", db: "CNVD", id: "CNVD-2016-11177", }, { date: "2017-02-24T00:00:00", db: "VULHUB", id: "VHN-97311", }, { date: "2016-11-24T01:08:00", db: "BID", id: "94186", }, { date: "2017-03-14T00:00:00", db: "JVNDB", id: "JVNDB-2016-007731", }, { date: "2017-02-06T00:00:00", db: "CNNVD", id: "CNNVD-201611-346", }, { date: "2024-11-21T02:59:28.640000", db: "NVD", id: 
"CVE-2016-8491", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201611-346", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Fortinet FortiWLC Unauthenticated read in / Vulnerability to gain write access", sources: [ { db: "JVNDB", id: "JVNDB-2016-007731", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "lack of information", sources: [ { db: "CNNVD", id: "CNNVD-201611-346", }, ], trust: 0.6, }, }
var-202006-1548
Vulnerability from variot
An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross-site scripting (XSS) attack via the ESS profile or the RADIUS profile. A cross-site scripting vulnerability exists in FortiWLC. Information may be obtained and tampered with. Fortinet FortiWLC is a wireless LAN controller from Fortinet. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client-side code.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1548", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortiwlc", scope: "lte", trust: 1, vendor: "fortinet", version: "8.5.1", }, { model: "fortiwlc", scope: "eq", trust: 0.8, vendor: "fortinet", version: "8.5.1", }, { model: "fortiwlc", scope: "lte", trust: 0.6, vendor: "fortinet", version: "<=8.5.1", }, ], sources: [ { db: "CNVD", 
id: "CNVD-2021-24254", }, { db: "JVNDB", id: "JVNDB-2020-006974", }, { db: "NVD", id: "CVE-2020-9288", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:fortinet:fortiwlc", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-006974", }, ], }, cve: "CVE-2020-9288", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "CVE-2020-9288", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 1, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "None", baseScore: 3.5, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2020-006974", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, 
severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "CNVD-2021-24254", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 0.6, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "VHN-187413", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 0.1, vectorString: "AV:N/AC:M/AU:S/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.3, id: "CVE-2020-9288", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 5.4, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "JVNDB-2020-006974", impactScore: null, integrityImpact: "Low", privilegesRequired: "Low", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2020-9288", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2020-006974", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-24254", trust: 0.6, value: "LOW", }, { author: "CNNVD", id: "CNNVD-202006-1543", trust: 0.6, 
value: "MEDIUM", }, { author: "VULHUB", id: "VHN-187413", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-24254", }, { db: "VULHUB", id: "VHN-187413", }, { db: "JVNDB", id: "JVNDB-2020-006974", }, { db: "CNNVD", id: "CNNVD-202006-1543", }, { db: "NVD", id: "CVE-2020-9288", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile. FortiWLC Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. Fortinet FortiWLC is a wireless LAN controller from Fortinet. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code", sources: [ { db: "NVD", id: "CVE-2020-9288", }, { db: "JVNDB", id: "JVNDB-2020-006974", }, { db: "CNVD", id: "CNVD-2021-24254", }, { db: "VULHUB", id: "VHN-187413", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-9288", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2020-006974", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202006-1543", trust: 0.7, }, { db: "CNVD", id: "CNVD-2021-24254", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.2167", trust: 0.6, }, { db: "NSFOCUS", id: "46966", trust: 0.6, }, { db: "VULHUB", id: "VHN-187413", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-24254", }, { db: "VULHUB", id: "VHN-187413", }, { db: "JVNDB", id: "JVNDB-2020-006974", }, { db: "CNNVD", id: 
"CNNVD-202006-1543", }, { db: "NVD", id: "CVE-2020-9288", }, ], }, id: "VAR-202006-1548", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-24254", }, { db: "VULHUB", id: "VHN-187413", }, ], trust: 1.2896806, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-24254", }, ], }, last_update_date: "2024-11-23T22:21:06.161000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-20-016", trust: 0.8, url: "https://fortiguard.com/advisory/FG-IR-20-016", }, { title: "Patch for Fortinet FortiWLC Cross-Site Scripting Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/255401", }, { title: "Fortinet FortiWLC Fixes for cross-site scripting vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122693", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-24254", }, { db: "JVNDB", id: "JVNDB-2020-006974", }, { db: "CNNVD", id: "CNNVD-202006-1543", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-187413", }, { db: "JVNDB", id: "JVNDB-2020-006974", }, { db: "NVD", id: "CVE-2020-9288", }, ], }, references: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-9288", }, { trust: 1.7, url: "https://fortiguard.com/advisory/fg-ir-20-016", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9288", }, { trust: 0.6, url: "http://www.nsfocus.net/vulndb/46966", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.2167/", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-24254", }, { db: "VULHUB", id: "VHN-187413", }, { db: "JVNDB", id: "JVNDB-2020-006974", }, { db: "CNNVD", id: "CNNVD-202006-1543", }, { db: "NVD", id: "CVE-2020-9288", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-24254", }, { db: "VULHUB", id: "VHN-187413", }, { db: "JVNDB", id: "JVNDB-2020-006974", }, { db: "CNNVD", id: "CNNVD-202006-1543", }, { db: "NVD", id: "CVE-2020-9288", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-03-31T00:00:00", db: "CNVD", id: "CNVD-2021-24254", }, { date: "2020-06-22T00:00:00", db: "VULHUB", id: "VHN-187413", }, { date: "2020-07-28T00:00:00", db: "JVNDB", id: "JVNDB-2020-006974", }, { date: "2020-06-22T00:00:00", db: "CNNVD", id: "CNNVD-202006-1543", }, { date: "2020-06-22T16:15:12.120000", db: "NVD", id: "CVE-2020-9288", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-04-01T00:00:00", db: "CNVD", id: "CNVD-2021-24254", }, { date: "2020-06-26T00:00:00", db: "VULHUB", id: "VHN-187413", }, { date: "2020-07-28T00:00:00", db: "JVNDB", id: "JVNDB-2020-006974", }, { date: "2020-06-30T00:00:00", db: 
"CNNVD", id: "CNNVD-202006-1543", }, { date: "2024-11-21T05:40:21.787000", db: "NVD", id: "CVE-2020-9288", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202006-1543", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Fortinet FortiWLC Cross-Site Scripting Vulnerability", sources: [ { db: "CNVD", id: "CNVD-2021-24254", }, { db: "CNNVD", id: "CNNVD-202006-1543", }, ], trust: 1.2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-202006-1543", }, ], trust: 0.6, }, }
var-201710-1338
Vulnerability from variot
An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests. Fortinet FortiWLC contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Fortinet FortiWLC is a network management device. Fortinet FortiWLC is prone to an OS command-injection vulnerability because it fails to properly sanitize user-supplied input. The following products are affected: Fortinet FortiWLC 6.1-2 through 6.1-5; Fortinet FortiWLC 7.0-7 through 7.0-10; Fortinet FortiWLC 8.0 through 8.2; Fortinet FortiWLC 8.3.0 through 8.3.2. Fortinet FortiWLC is a wireless LAN controller from Fortinet.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201710-1338", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortiwlc", scope: "gte", trust: 1, vendor: "fortinet", version: "6.1-2", }, { model: "fortiwlc", scope: "lte", trust: 1, vendor: "fortinet", version: "8.2", }, { model: "fortiwlc", scope: "lte", trust: 1, vendor: "fortinet", version: "8.3.2", }, { model: "fortiwlc", scope: "lte", 
trust: 1, vendor: "fortinet", version: "7.0-10", }, { model: "fortiwlc", scope: "gte", trust: 1, vendor: "fortinet", version: "8.0", }, { model: "fortiwlc", scope: "lte", trust: 1, vendor: "fortinet", version: "6.1-5", }, { model: "fortiwlc", scope: "gte", trust: 1, vendor: "fortinet", version: "7.0-7", }, { model: "fortiwlc", scope: "gte", trust: 1, vendor: "fortinet", version: "8.3.0", }, { model: "fortiwlc", scope: "eq", trust: 0.9, vendor: "fortinet", version: "6.1-2", }, { model: "fortiwlc", scope: "eq", trust: 0.9, vendor: "fortinet", version: "6.1-5", }, { model: "fortiwlc", scope: "eq", trust: 0.9, vendor: "fortinet", version: "7.0-7", }, { model: "fortiwlc", scope: "eq", trust: 0.9, vendor: "fortinet", version: "7.0-10", }, { model: "fortiwlc", scope: "eq", trust: 0.9, vendor: "fortinet", version: "8.0", }, { model: "fortiwlc", scope: "eq", trust: 0.9, vendor: "fortinet", version: "8.2", }, { model: "fortiwlc", scope: "eq", trust: 0.9, vendor: "fortinet", version: "8.3.2", }, { model: "fortiwlc", scope: "eq", trust: 0.9, vendor: "fortinet", version: "8.3", }, { model: "fortiwlc", scope: "eq", trust: 0.8, vendor: "fortinet", version: "6.1-2 to 6.1-5", }, { model: "fortiwlc", scope: "eq", trust: 0.8, vendor: "fortinet", version: "7.0-7 to 7.0-10", }, { model: "fortiwlc", scope: "eq", trust: 0.8, vendor: "fortinet", version: "8.0 to 8.2", }, { model: "fortiwlc", scope: "eq", trust: 0.8, vendor: "fortinet", version: "8.3.0 to 8.3.2", }, { model: "fortiwlc", scope: "ne", trust: 0.3, vendor: "fortinet", version: "8.3.3", }, { model: "fortiwlc", scope: "ne", trust: 0.3, vendor: "fortinet", version: "7.0.11", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-32269", }, { db: "BID", id: "101273", }, { db: "JVNDB", id: "JVNDB-2017-009748", }, { db: "NVD", id: "CVE-2017-7341", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": 
"@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:fortinet:fortiwlc", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-009748", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Tom Scholten, SOLIDBE B.V.", sources: [ { db: "BID", id: "101273", }, ], trust: 0.3, }, cve: "CVE-2017-7341", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", exploitabilityScore: 8, id: "CVE-2017-7341", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.8, vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2017-32269", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", 
accessVector: "NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", exploitabilityScore: 8, id: "VHN-115544", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:S/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.2, id: "CVE-2017-7341", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-7341", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2017-7341", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2017-32269", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201703-1373", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-115544", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2017-32269", }, { db: "VULHUB", id: "VHN-115544", }, { db: "JVNDB", id: "JVNDB-2017-009748", }, { db: "CNNVD", id: "CNNVD-201703-1373", }, { db: "NVD", id: "CVE-2017-7341", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests. 
Fortinet FortiWLC Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FortinetFortiWLC is a network management device. Fortinet FortiWLC is prone to an OS command-injection vulnerability because it fails to properly sanitize user-supplied input. \nThe following products are affected:\nFortinet FortiWLC 6.1-2 through 6.1-5. \nFortinet FortiWLC 7.0-7 through 7.0-10. \nFortinet FortiWLC 8.0 through 8.2. \nFortinet FortiWLC 8.3.0 through 8.3.2. Fortinet FortiWLC is a wireless LAN controller from Fortinet", sources: [ { db: "NVD", id: "CVE-2017-7341", }, { db: "JVNDB", id: "JVNDB-2017-009748", }, { db: "CNVD", id: "CNVD-2017-32269", }, { db: "BID", id: "101273", }, { db: "VULHUB", id: "VHN-115544", }, ], trust: 2.52, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-7341", trust: 3.4, }, { db: "BID", id: "101273", trust: 2.6, }, { db: "JVNDB", id: "JVNDB-2017-009748", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201703-1373", trust: 0.7, }, { db: "CNVD", id: "CNVD-2017-32269", trust: 0.6, }, { db: "VULHUB", id: "VHN-115544", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-32269", }, { db: "VULHUB", id: "VHN-115544", }, { db: "BID", id: "101273", }, { db: "JVNDB", id: "JVNDB-2017-009748", }, { db: "CNNVD", id: "CNNVD-201703-1373", }, { db: "NVD", id: "CVE-2017-7341", }, ], }, id: "VAR-201710-1338", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2017-32269", }, { db: "VULHUB", id: "VHN-115544", }, ], trust: 1.2896806, }, iot_taxonomy: { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-32269", }, ], }, last_update_date: "2024-11-23T23:02:19.949000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-17-119", trust: 0.8, url: "https://fortiguard.com/psirt/FG-IR-17-119", }, { title: "Patch for FortinetFortiWLCOS Command Injection Vulnerability (CNVD-2017-32269)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/104976", }, { title: "Fortinet FortiWLC Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99699", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-32269", }, { db: "JVNDB", id: "JVNDB-2017-009748", }, { db: "CNNVD", id: "CNNVD-201703-1373", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1.1, }, { problemtype: "CWE-77", trust: 0.9, }, ], sources: [ { db: "VULHUB", id: "VHN-115544", }, { db: "JVNDB", id: "JVNDB-2017-009748", }, { db: "NVD", id: "CVE-2017-7341", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://fortiguard.com/psirt/fg-ir-17-119", }, { trust: 1.7, url: "http://www.securityfocus.com/bid/101273", }, { trust: 1.4, url: 
"https://nvd.nist.gov/vuln/detail/cve-2017-7341", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7341", }, { trust: 0.3, url: "http://www.fortinet.com/", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-32269", }, { db: "VULHUB", id: "VHN-115544", }, { db: "BID", id: "101273", }, { db: "JVNDB", id: "JVNDB-2017-009748", }, { db: "CNNVD", id: "CNNVD-201703-1373", }, { db: "NVD", id: "CVE-2017-7341", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2017-32269", }, { db: "VULHUB", id: "VHN-115544", }, { db: "BID", id: "101273", }, { db: "JVNDB", id: "JVNDB-2017-009748", }, { db: "CNNVD", id: "CNNVD-201703-1373", }, { db: "NVD", id: "CVE-2017-7341", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-11-01T00:00:00", db: "CNVD", id: "CNVD-2017-32269", }, { date: "2017-10-26T00:00:00", db: "VULHUB", id: "VHN-115544", }, { date: "2017-10-13T00:00:00", db: "BID", id: "101273", }, { date: "2017-11-21T00:00:00", db: "JVNDB", id: "JVNDB-2017-009748", }, { date: "2017-03-31T00:00:00", db: "CNNVD", id: "CNNVD-201703-1373", }, { date: "2017-10-26T13:29:00.370000", db: "NVD", id: "CVE-2017-7341", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-11-01T00:00:00", db: "CNVD", id: "CNVD-2017-32269", }, { date: "2019-10-03T00:00:00", db: "VULHUB", id: "VHN-115544", }, { date: "2017-10-13T00:00:00", db: "BID", id: "101273", }, { date: "2017-11-21T00:00:00", db: "JVNDB", id: "JVNDB-2017-009748", }, { date: "2019-10-23T00:00:00", db: "CNNVD", id: "CNNVD-201703-1373", }, { date: "2024-11-21T03:31:39.327000", db: "NVD", id: "CVE-2017-7341", }, ], }, threat_type: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201703-1373", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Fortinet FortiWLC Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2017-009748", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-201703-1373", }, ], trust: 0.6, }, }
var-202112-0729
Vulnerability from variot
An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions. FortiWLC contains an incorrect authorization vulnerability (CWE-863 in the record below; the source translation renders it as "fraudulent authentication"). Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0729", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortiwlc", scope: "lte", trust: 1, vendor: "fortinet", version: "8.3.3", }, { model: "fortiwlc", scope: "lte", trust: 1, vendor: "fortinet", version: "8.5.5", }, { model: "fortiwlc", scope: "lte", trust: 1, vendor: "fortinet", version: "8.2.7", }, { model: "fortiwlc", scope: "eq", 
trust: 1, vendor: "fortinet", version: "8.4.4", }, { model: "fortiwlc", scope: "eq", trust: 1, vendor: "fortinet", version: "8.0.6", }, { model: "fortiwlc", scope: "eq", trust: 1, vendor: "fortinet", version: "8.4.2", }, { model: "fortiwlc", scope: "eq", trust: 1, vendor: "fortinet", version: "8.1.3", }, { model: "fortiwlc", scope: "eq", trust: 1, vendor: "fortinet", version: "8.4.6", }, { model: "fortiwlc", scope: "gte", trust: 1, vendor: "fortinet", version: "8.5.0", }, { model: "fortiwlc", scope: "eq", trust: 1, vendor: "fortinet", version: "8.4.7", }, { model: "fortiwlc", scope: "gte", trust: 1, vendor: "fortinet", version: "8.3.0", }, { model: "fortiwlc", scope: "eq", trust: 1, vendor: "fortinet", version: "8.0.5", }, { model: "fortiwlc", scope: "eq", trust: 1, vendor: "fortinet", version: "8.4.5", }, { model: "fortiwlc", scope: "eq", trust: 1, vendor: "fortinet", version: "8.1.2", }, { model: "fortiwlc", scope: "eq", trust: 1, vendor: "fortinet", version: "8.4.1", }, { model: "fortiwlc", scope: "eq", trust: 1, vendor: "fortinet", version: "8.6.1", }, { model: "fortiwlc", scope: "gte", trust: 1, vendor: "fortinet", version: "8.2.4", }, { model: "fortiwlc", scope: "eq", trust: 1, vendor: "fortinet", version: "8.4.8", }, { model: "fortiwlc", scope: "eq", trust: 1, vendor: "fortinet", version: "8.4.0", }, { model: "fortiwlc", scope: "eq", trust: 1, vendor: "fortinet", version: "8.6.0", }, { model: "fortiwlc", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortiwlc", scope: "lte", trust: 0.8, vendor: "フォーティネット", version: "8.6.1 and earlier", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016088", }, { db: "NVD", id: "CVE-2021-42758", }, ], }, cve: "CVE-2021-42758", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", exploitabilityScore: 8, id: "CVE-2021-42758", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.8, vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", exploitabilityScore: 8, id: "VHN-403820", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:S/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2021-42758", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "OTHER", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2021-016088", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-42758", trust: 1, value: "HIGH", }, { author: "psirt@fortinet.com", id: "CVE-2021-42758", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2021-42758", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-202112-634", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-403820", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-403820", }, { db: "JVNDB", id: "JVNDB-2021-016088", }, { db: "CNNVD", id: "CNNVD-202112-634", }, { db: "NVD", id: "CVE-2021-42758", }, { db: "NVD", id: "CVE-2021-42758", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions. FortiWLC Exists in a fraudulent authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2021-42758", }, { db: "JVNDB", id: "JVNDB-2021-016088", }, { db: "VULHUB", id: "VHN-403820", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-42758", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-016088", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202112-634", trust: 0.6, }, { db: "VULHUB", id: "VHN-403820", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-403820", }, { db: "JVNDB", id: "JVNDB-2021-016088", }, { db: "CNNVD", id: "CNNVD-202112-634", }, { db: "NVD", id: "CVE-2021-42758", }, ], }, id: "VAR-202112-0729", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-403820", }, ], trust: 0.6896806, }, last_update_date: "2024-11-23T22:05:05.648000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-21-200", trust: 0.8, url: "https://fortiguard.com/advisory/FG-IR-21-200", }, { title: "Fortinet FortiWLC Fixes for access control error vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173883", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016088", }, { db: "CNNVD", id: "CNNVD-202112-634", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-863", trust: 1.1, }, { problemtype: "Illegal authentication 
(CWE-863) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-403820", }, { db: "JVNDB", id: "JVNDB-2021-016088", }, { db: "NVD", id: "CVE-2021-42758", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://fortiguard.com/advisory/fg-ir-21-200", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-42758", }, ], sources: [ { db: "VULHUB", id: "VHN-403820", }, { db: "JVNDB", id: "JVNDB-2021-016088", }, { db: "CNNVD", id: "CNNVD-202112-634", }, { db: "NVD", id: "CVE-2021-42758", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-403820", }, { db: "JVNDB", id: "JVNDB-2021-016088", }, { db: "CNNVD", id: "CNNVD-202112-634", }, { db: "NVD", id: "CVE-2021-42758", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-08T00:00:00", db: "VULHUB", id: "VHN-403820", }, { date: "2022-12-06T00:00:00", db: "JVNDB", id: "JVNDB-2021-016088", }, { date: "2021-12-08T00:00:00", db: "CNNVD", id: "CNNVD-202112-634", }, { date: "2021-12-08T11:15:11.887000", db: "NVD", id: "CVE-2021-42758", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-10T00:00:00", db: "VULHUB", id: "VHN-403820", }, { date: "2022-12-06T07:32:00", db: "JVNDB", id: "JVNDB-2021-016088", }, { date: "2021-12-13T00:00:00", db: "CNNVD", id: "CNNVD-202112-634", }, { date: "2024-11-21T06:28:06.793000", db: "NVD", id: "CVE-2021-42758", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202112-634", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "FortiWLC Fraud related to unauthorized authentication in", sources: [ { db: "JVNDB", id: "JVNDB-2021-016088", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "access control error", sources: [ { db: "CNNVD", id: "CNNVD-202112-634", }, ], trust: 0.6, }, }
var-201610-0365
Vulnerability from variot
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. Supplementary information: the vulnerability type has been identified as CWE-798: Use of Hard-coded Credentials (http://cwe.mitre.org/data/definitions/798.html). A third party may read or write arbitrary files. Fortinet FortiWLC is a wireless controller from Fortinet. FortiWLC is prone to a security-bypass vulnerability. An attacker can exploit this issue to gain access to the system and obtain sensitive information that may lead to further attacks. The following versions are affected: Fortinet FortiWLC 6.1-2-29 and prior, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0. Fortinet's advisory for this issue is FG-IR-16-029 (http://fortiguard.com/advisory/FG-IR-16-029).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0365", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortiwlc", scope: "eq", trust: 3.3, vendor: "fortinet", version: "8.2-4-0", }, { model: "fortiwlc", scope: "eq", trust: 3.3, vendor: "fortinet", version: "8.1-2-0", }, { model: "fortiwlc", scope: "eq", trust: 3.3, vendor: "fortinet", version: "8.0-5-0", }, { model: "fortiwlc", 
scope: "eq", trust: 3.3, vendor: "fortinet", version: "7.0-9-1", }, { model: "fortiwlc", scope: "eq", trust: 3.3, vendor: "fortinet", version: "7.0-10-0", }, { model: "fortiwlc", scope: "lte", trust: 1.8, vendor: "fortinet", version: "6.1-2-29", }, { model: "fortiwlc", scope: "eq", trust: 1.5, vendor: "fortinet", version: "6.1-2-29", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-08622", }, { db: "BID", id: "93286", }, { db: "JVNDB", id: "JVNDB-2016-005173", }, { db: "CNNVD", id: "CNNVD-201610-119", }, { db: "NVD", id: "CVE-2016-7560", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:fortinet:fortiwlc", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-005173", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "University of Toronto", sources: [ { db: "CNNVD", id: "CNNVD-201610-119", }, ], trust: 0.6, }, cve: "CVE-2016-7560", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { 
accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2016-7560", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CNVD-2016-08622", impactScore: 4.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "VHN-96380", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2016-7560", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-7560", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2016-7560", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2016-08622", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201610-119", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-96380", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2016-7560", trust: 0.1, value: "HIGH", }, ], }, ], 
sources: [ { db: "CNVD", id: "CNVD-2016-08622", }, { db: "VULHUB", id: "VHN-96380", }, { db: "VULMON", id: "CVE-2016-7560", }, { db: "JVNDB", id: "JVNDB-2016-005173", }, { db: "CNNVD", id: "CNNVD-201610-119", }, { db: "NVD", id: "CVE-2016-7560", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlA third party may read or write arbitrary files. FortinetFortiWLC is a wireless controller from Fortinet. FortiWLC is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to gain access to the system and obtain sensitive information that may lead to further attack. 
The following versions are affected: Fortinet FortiWLC 6.1-2-29 and prior, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, 8.2-4-0 Version", sources: [ { db: "NVD", id: "CVE-2016-7560", }, { db: "JVNDB", id: "JVNDB-2016-005173", }, { db: "CNVD", id: "CNVD-2016-08622", }, { db: "BID", id: "93286", }, { db: "VULHUB", id: "VHN-96380", }, { db: "VULMON", id: "CVE-2016-7560", }, ], trust: 2.61, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-7560", trust: 3.5, }, { db: "BID", id: "93286", trust: 2.1, }, { db: "AUSCERT", id: "ESB-2016.2303", trust: 1.2, }, { db: "JVNDB", id: "JVNDB-2016-005173", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201610-119", trust: 0.7, }, { db: "CNVD", id: "CNVD-2016-08622", trust: 0.6, }, { db: "VULHUB", id: "VHN-96380", trust: 0.1, }, { db: "VULMON", id: "CVE-2016-7560", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2016-08622", }, { db: "VULHUB", id: "VHN-96380", }, { db: "VULMON", id: "CVE-2016-7560", }, { db: "BID", id: "93286", }, { db: "JVNDB", id: "JVNDB-2016-005173", }, { db: "CNNVD", id: "CNNVD-201610-119", }, { db: "NVD", id: "CVE-2016-7560", }, ], }, id: "VAR-201610-0365", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2016-08622", }, { db: "VULHUB", id: "VHN-96380", }, ], trust: 1.2896806, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2016-08622", }, ], }, 
last_update_date: "2024-11-23T22:42:19.940000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FortiWLC Undocumented Hardcoded Rsync Account", trust: 0.8, url: "http://fortiguard.com/advisory/FG-IR-16-029", }, { title: "FortinetFortiWLC security bypass vulnerability patch", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/82169", }, { title: "Fortinet FortiWLC Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64544", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-08622", }, { db: "JVNDB", id: "JVNDB-2016-005173", }, { db: "CNNVD", id: "CNNVD-201610-119", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-798", trust: 1.1, }, { problemtype: "CWE-Other", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-96380", }, { db: "JVNDB", id: "JVNDB-2016-005173", }, { db: "NVD", id: "CVE-2016-7560", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.1, url: "http://fortiguard.com/advisory/fg-ir-16-029", }, { trust: 1.3, url: "http://www.securityfocus.com/bid/93286", }, { trust: 1.2, url: "http://www.auscert.org.au/./render.html?it=39190", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7560", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7560", }, { trust: 0.3, url: "http://www.fortinet.com/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/798.html", }, { trust: 0.1, url: 
"https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-08622", }, { db: "VULHUB", id: "VHN-96380", }, { db: "VULMON", id: "CVE-2016-7560", }, { db: "BID", id: "93286", }, { db: "JVNDB", id: "JVNDB-2016-005173", }, { db: "CNNVD", id: "CNNVD-201610-119", }, { db: "NVD", id: "CVE-2016-7560", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2016-08622", }, { db: "VULHUB", id: "VHN-96380", }, { db: "VULMON", id: "CVE-2016-7560", }, { db: "BID", id: "93286", }, { db: "JVNDB", id: "JVNDB-2016-005173", }, { db: "CNNVD", id: "CNNVD-201610-119", }, { db: "NVD", id: "CVE-2016-7560", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-10-11T00:00:00", db: "CNVD", id: "CNVD-2016-08622", }, { date: "2016-10-05T00:00:00", db: "VULHUB", id: "VHN-96380", }, { date: "2016-10-05T00:00:00", db: "VULMON", id: "CVE-2016-7560", }, { date: "2016-09-30T00:00:00", db: "BID", id: "93286", }, { date: "2016-10-13T00:00:00", db: "JVNDB", id: "JVNDB-2016-005173", }, { date: "2016-09-30T00:00:00", db: "CNNVD", id: "CNNVD-201610-119", }, { date: "2016-10-05T16:59:07.900000", db: "NVD", id: "CVE-2016-7560", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-10-11T00:00:00", db: "CNVD", id: "CNVD-2016-08622", }, { date: "2016-12-02T00:00:00", db: "VULHUB", id: "VHN-96380", }, { date: "2016-12-02T00:00:00", db: "VULMON", id: "CVE-2016-7560", }, { date: "2016-10-10T00:02:00", db: "BID", id: "93286", }, { date: "2016-10-13T00:00:00", db: "JVNDB", id: "JVNDB-2016-005173", }, { date: "2016-10-11T00:00:00", db: "CNNVD", id: "CNNVD-201610-119", }, { date: "2024-11-21T02:58:12.563000", db: "NVD", id: "CVE-2016-7560", }, ], }, threat_type: { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201610-119", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Fortinet FortiWLC of rsyncd Vulnerability to read and write arbitrary files on the server", sources: [ { db: "JVNDB", id: "JVNDB-2016-005173", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-201610-119", }, ], trust: 0.6, }, }
var-201710-1337
Vulnerability from variot
A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests. Fortinet FortiWLC contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Fortinet FortiWLC is a network management device. Fortinet FortiWLC is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The following versions are vulnerable: FortiWLC 6.1-2, 6.1-4 and 6.1-5; FortiWLC 7.0-7, 7.0-8, 7.0-9, 7.0-10; FortiWLC 8.0, 8.1, 8.2 and 8.3.0 through 8.3.2. Fortinet FortiWLC is a wireless LAN controller from Fortinet. The following versions are affected: Fortinet FortiWLC version 6.1-2, version 6.1-4, version 6.1-5, version 7.0-7, version 7.0-8, version 7.0-9, version 7.0-10, version 8.0, version 8.1, version 8.2, and versions 8.3.0-8.3.2. Fortinet's advisory for this issue is FG-IR-17-106 (https://fortiguard.com/psirt/FG-IR-17-106).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201710-1337", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortiwlc", scope: "eq", trust: 3.3, vendor: "fortinet", version: "7.0-8", }, { model: "fortiwlc", scope: "eq", trust: 3.3, vendor: "fortinet", version: "8.1", }, { model: "fortiwlc", scope: "eq", trust: 2.5, vendor: "fortinet", version: "6.1-2", }, { model: "fortiwlc", scope: 
"eq", trust: 2.5, vendor: "fortinet", version: "6.1-4", }, { model: "fortiwlc", scope: "eq", trust: 2.5, vendor: "fortinet", version: "6.1-5", }, { model: "fortiwlc", scope: "eq", trust: 2.5, vendor: "fortinet", version: "7.0-7", }, { model: "fortiwlc", scope: "eq", trust: 2.5, vendor: "fortinet", version: "7.0-9", }, { model: "fortiwlc", scope: "eq", trust: 2.5, vendor: "fortinet", version: "7.0-10", }, { model: "fortiwlc", scope: "eq", trust: 2.5, vendor: "fortinet", version: "8.0", }, { model: "fortiwlc", scope: "eq", trust: 2.5, vendor: "fortinet", version: "8.2", }, { model: "fortiwlc", scope: "eq", trust: 1.9, vendor: "fortinet", version: "8.3.2", }, { model: "fortiwlc", scope: "eq", trust: 1.6, vendor: "fortinet", version: "8.3.0", }, { model: "fortiwlc", scope: "eq", trust: 1, vendor: "fortinet", version: "8.3.1", }, { model: "fortiwlc", scope: "eq", trust: 0.8, vendor: "fortinet", version: "6.1-x (6.1-2", }, { model: "fortiwlc", scope: "eq", trust: 0.8, vendor: "fortinet", version: "6.1-4 and 6.1-5)", }, { model: "fortiwlc", scope: "eq", trust: 0.8, vendor: "fortinet", version: "7.0-x (7.0-7", }, { model: "fortiwlc", scope: "eq", trust: 0.8, vendor: "fortinet", version: "7.0-9 and 7.0-10)", }, { model: "fortiwlc", scope: "eq", trust: 0.8, vendor: "fortinet", version: "8.x (8.0", }, { model: "fortiwlc", scope: "eq", trust: 0.8, vendor: "fortinet", version: "8.2 and 8.3.0-8.3.2)", }, { model: "fortiwlc", scope: "eq", trust: 0.3, vendor: "fortinet", version: "8.3", }, { model: "fortiwlc", scope: "ne", trust: 0.3, vendor: "fortinet", version: "8.3.3", }, { model: "fortiwlc", scope: "ne", trust: 0.3, vendor: "fortinet", version: "7.0.11", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-32268", }, { db: "BID", id: "101287", }, { db: "JVNDB", id: "JVNDB-2017-009747", }, { db: "CNNVD", id: "CNNVD-201710-1052", }, { db: "NVD", id: "CVE-2017-7335", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { 
"@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:fortinet:fortiwlc", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-009747", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Ali Ardic", sources: [ { db: "BID", id: "101287", }, { db: "CNNVD", id: "CNNVD-201710-1052", }, ], trust: 0.9, }, cve: "CVE-2017-7335", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "CVE-2017-7335", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 1.8, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CNVD-2017-32268", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", 
trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "VHN-115538", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 0.1, vectorString: "AV:N/AC:M/AU:S/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.3, id: "CVE-2017-7335", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", trust: 1.8, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-7335", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2017-7335", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2017-32268", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201710-1052", trust: 0.6, value: "LOW", }, { author: "VULHUB", id: "VHN-115538", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2017-32268", }, { db: "VULHUB", id: "VHN-115538", }, { db: "JVNDB", id: "JVNDB-2017-009747", }, { db: "CNNVD", id: "CNNVD-201710-1052", }, { db: "NVD", id: "CVE-2017-7335", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters \"refresh\" and \"branchtotable\" present in HTTP POST 
requests. Fortinet FortiWLC Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. FortinetFortiWLC is a network management device. Fortinet FortiWLC is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nThe following versions are vulnerable:\nFortiWLC 6.1-2, 6.1-4 and 6.1-5\nFortiWLC 7.0-7, 7.0-8, 7.0-9, 7.0-10\nFortiWLC 8.0, 8.1, 8.2 and 8.3.0 through 8.3.2. Fortinet FortiWLC is a wireless LAN controller from Fortinet. The following versions are affected: Fortinet FortiWLC Version 6.1-2, Version 6.1-4, Version 6.1-5, Version 7.0-7, Version 7.0-8, Version 7.0-9, Version 7.0-10, Version 8.0, Version 8.1, Version 8.2 , version 8.3.0-8.3.2", sources: [ { db: "NVD", id: "CVE-2017-7335", }, { db: "JVNDB", id: "JVNDB-2017-009747", }, { db: "CNVD", id: "CNVD-2017-32268", }, { db: "BID", id: "101287", }, { db: "VULHUB", id: "VHN-115538", }, ], trust: 2.52, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-7335", trust: 3.4, }, { db: "BID", id: "101287", trust: 2, }, { db: "JVNDB", id: "JVNDB-2017-009747", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201710-1052", trust: 0.7, }, { db: "BID", id: "101287101287", trust: 0.6, }, { db: "CNVD", id: "CNVD-2017-32268", trust: 0.6, }, { db: "NSFOCUS", id: "37821", trust: 0.6, }, { db: "VULHUB", id: "VHN-115538", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-32268", }, { db: "VULHUB", id: "VHN-115538", }, { db: "BID", id: "101287", }, { db: "JVNDB", id: "JVNDB-2017-009747", }, { db: "CNNVD", id: "CNNVD-201710-1052", }, { db: "NVD", id: "CVE-2017-7335", }, ], }, id: "VAR-201710-1337", iot: { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2017-32268", }, { db: "VULHUB", id: "VHN-115538", }, ], trust: 1.2896806, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-32268", }, ], }, last_update_date: "2024-11-23T22:52:20.483000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-17-106", trust: 0.8, url: "https://fortiguard.com/psirt/FG-IR-17-106", }, { title: "FortinetFortiWLC has multiple patches for cross-site scripting vulnerability (CNVD-2017-32268)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/104965", }, { title: "Fortinet FortiWLC Fixes for cross-site scripting vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75924", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-32268", }, { db: "JVNDB", id: "JVNDB-2017-009747", }, { db: "CNNVD", id: "CNNVD-201710-1052", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-115538", }, { db: "JVNDB", id: "JVNDB-2017-009747", }, { db: "NVD", id: "CVE-2017-7335", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, 
sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://fortiguard.com/psirt/fg-ir-17-106", }, { trust: 1.7, url: "http://www.securityfocus.com/bid/101287", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7335", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7335", }, { trust: 0.6, url: "http://www.nsfocus.net/vulndb/37821", }, { trust: 0.3, url: "http://www.fortinet.com/", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-32268", }, { db: "VULHUB", id: "VHN-115538", }, { db: "BID", id: "101287", }, { db: "JVNDB", id: "JVNDB-2017-009747", }, { db: "CNNVD", id: "CNNVD-201710-1052", }, { db: "NVD", id: "CVE-2017-7335", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2017-32268", }, { db: "VULHUB", id: "VHN-115538", }, { db: "BID", id: "101287", }, { db: "JVNDB", id: "JVNDB-2017-009747", }, { db: "CNNVD", id: "CNNVD-201710-1052", }, { db: "NVD", id: "CVE-2017-7335", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-11-01T00:00:00", db: "CNVD", id: "CNVD-2017-32268", }, { date: "2017-10-26T00:00:00", db: "VULHUB", id: "VHN-115538", }, { date: "2017-10-13T00:00:00", db: "BID", id: "101287", }, { date: "2017-11-21T00:00:00", db: "JVNDB", id: "JVNDB-2017-009747", }, { date: "2017-10-27T00:00:00", db: "CNNVD", id: "CNNVD-201710-1052", }, { date: "2017-10-26T13:29:00.277000", db: "NVD", id: "CVE-2017-7335", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-11-01T00:00:00", db: "CNVD", id: "CNVD-2017-32268", }, { date: "2017-11-17T00:00:00", db: "VULHUB", id: "VHN-115538", }, { date: "2017-10-13T00:00:00", db: 
"BID", id: "101287", }, { date: "2017-11-21T00:00:00", db: "JVNDB", id: "JVNDB-2017-009747", }, { date: "2017-11-01T00:00:00", db: "CNNVD", id: "CNNVD-201710-1052", }, { date: "2024-11-21T03:31:38.617000", db: "NVD", id: "CVE-2017-7335", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201710-1052", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Fortinet FortiWLC Vulnerable to cross-site scripting", sources: [ { db: "JVNDB", id: "JVNDB-2017-009747", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-201710-1052", }, ], trust: 0.6, }, }
cve-2021-26093
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Fortinet | FortiWLC | Version: 8.6.0 Version: 8.5.0 ≤ 8.5.3 Version: 8.4.4 ≤ 8.4.8 Version: 8.4.0 ≤ 8.4.2 Version: 8.3.0 ≤ 8.3.3 Version: 8.2.4 ≤ 8.2.7 Version: 8.1.2 ≤ 8.1.3 Version: 8.0.6 cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.5.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.3.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.1.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.1.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.0.6:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2021-26093", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-20T16:45:09.690266Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-20T17:41:17.833Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiWLC", vendor: "Fortinet", versions: [ { status: "affected", version: "8.6.0", }, { lessThanOrEqual: "8.5.3", status: "affected", version: "8.5.0", versionType: "semver", }, { lessThanOrEqual: "8.4.8", status: "affected", version: 
"8.4.4", versionType: "semver", }, { lessThanOrEqual: "8.4.2", status: "affected", version: "8.4.0", versionType: "semver", }, { lessThanOrEqual: "8.3.3", status: "affected", version: "8.3.0", versionType: "semver", }, { lessThanOrEqual: "8.2.7", status: "affected", version: "8.2.4", versionType: "semver", }, { lessThanOrEqual: "8.1.3", status: "affected", version: "8.1.2", versionType: "semver", }, { status: "affected", version: "8.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H/E:P/RL:X/RC:R", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-824", description: "Denial of service", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-19T07:47:44.394Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-21-002", url: "https://fortiguard.com/psirt/FG-IR-21-002", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiWLC version 8.6.3 or above.", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2021-26093", datePublished: "2024-12-19T07:47:44.394Z", dateReserved: "2021-01-25T14:47:15.093Z", dateUpdated: "2024-12-20T17:41:17.833Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23439
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Fortinet | FortiTester | Version: 7.2.0 ≤ 7.2.1 Version: 7.1.0 ≤ 7.1.1 Version: 7.0.0 Version: 4.2.0 ≤ 4.2.1 Version: 4.1.0 ≤ 4.1.1 Version: 4.0.0 Version: 3.9.0 ≤ 3.9.2 Version: 3.8.0 Version: 3.7.0 ≤ 3.7.1 Version: 3.6.0 Version: 3.5.0 ≤ 3.5.1 Version: 3.4.0 Version: 3.3.0 ≤ 3.3.1 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2022-23439", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-22T14:21:27.552014Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-22T14:21:36.714Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [], defaultStatus: "unaffected", product: "FortiTester", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.2.1", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.1.1", status: "affected", version: "7.1.0", versionType: "semver", }, { status: "affected", version: "7.0.0", }, { lessThanOrEqual: "4.2.1", status: "affected", version: "4.2.0", versionType: "semver", }, { lessThanOrEqual: "4.1.1", status: "affected", version: "4.1.0", versionType: "semver", }, { status: "affected", version: "4.0.0", }, { lessThanOrEqual: "3.9.2", status: "affected", version: "3.9.0", versionType: "semver", }, { status: "affected", version: "3.8.0", }, { lessThanOrEqual: "3.7.1", status: "affected", version: "3.7.0", versionType: "semver", }, { status: "affected", version: "3.6.0", }, { lessThanOrEqual: "3.5.1", status: "affected", version: "3.5.0", versionType: "semver", }, { status: "affected", version: "3.4.0", }, { lessThanOrEqual: "3.3.1", status: "affected", version: "3.3.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", 
"cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*", 
"cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiOS", vendor: "Fortinet", versions: [ { status: "affected", version: "7.2.0", }, { lessThanOrEqual: "7.0.5", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.16", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.18", status: "affected", version: "6.0.0", versionType: "semver", }, { lessThan: "6.4.*", status: "affected", version: "6.4.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*", 
"cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.2.*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiMail", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.3", status: "affected", version: "7.0.0", versionType: 
"semver", }, { lessThanOrEqual: "6.4.8", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.9", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.12", status: "affected", version: "6.0.0", versionType: "semver", }, { lessThanOrEqual: "5.4.12", status: "affected", version: "5.4.0", versionType: "semver", }, { lessThan: "7.2.*", status: "affected", version: "7.2.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:*", 
"cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiSwitch", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.4", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.10", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.8", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.7", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortiddos-f:6.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiDDoS-F", vendor: "Fortinet", versions: [ { lessThanOrEqual: "6.3.3", status: "affected", version: "6.3.0", versionType: "semver", }, { lessThanOrEqual: "6.2.3", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.1.5", status: "affected", version: "6.1.0", versionType: "semver", }, ], }, { cpes: [], defaultStatus: "unaffected", product: "FortiProxy", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.4", 
status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "2.0.14", status: "affected", version: "2.0.0", versionType: "semver", }, { lessThanOrEqual: "1.2.13", status: "affected", version: "1.2.0", versionType: "semver", }, { lessThanOrEqual: "1.1.6", status: "affected", version: "1.1.0", versionType: "semver", }, { lessThanOrEqual: "1.0.7", status: "affected", version: "1.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.6.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiRecorder", vendor: "Fortinet", versions: [ { 
lessThanOrEqual: "6.4.2", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.0.10", status: "affected", version: "6.0.0", versionType: "semver", }, { lessThanOrEqual: "2.7.7", status: "affected", version: "2.7.0", versionType: "semver", }, { lessThanOrEqual: "2.6.3", status: "affected", version: "2.6.0", versionType: "semver", }, ], }, { cpes: [], defaultStatus: "unaffected", product: "FortiNDR", vendor: "Fortinet", versions: [ { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.1.0", }, { lessThanOrEqual: "7.0.6", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "1.5.3", status: "affected", version: "1.5.0", versionType: "semver", }, { status: "affected", version: "1.4.0", }, { lessThanOrEqual: "1.3.1", status: "affected", version: "1.3.0", versionType: "semver", }, { status: "affected", version: "1.2.0", }, { status: "affected", version: "1.1.0", }, ], }, { cpes: [ "cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*", 
"cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiADC", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.1", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.2.3", status: "affected", version: "6.2.0", versionType: "semver", 
}, { lessThanOrEqual: "6.1.6", status: "affected", version: "6.1.0", versionType: "semver", }, { lessThanOrEqual: "6.0.4", status: "affected", version: "6.0.0", versionType: "semver", }, { lessThanOrEqual: "5.4.5", status: "affected", version: "5.4.0", versionType: "semver", }, { lessThanOrEqual: "5.3.7", status: "affected", version: "5.3.0", versionType: "semver", }, { lessThanOrEqual: "5.2.8", status: "affected", version: "5.2.0", versionType: "semver", }, { lessThanOrEqual: "5.1.7", status: "affected", version: "5.1.0", versionType: "semver", }, { lessThanOrEqual: "5.0.4", status: "affected", version: "5.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*", 
"cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiManager", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.3", 
status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.9", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.13", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.13", status: "affected", version: "6.2.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiSOAR", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.2.2", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.3", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.4", status: "affected", version: "6.4.3", versionType: "semver", }, { lessThanOrEqual: "6.4.1", status: "affected", version: "6.4.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiVoice", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.1", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.8", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.0.11", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortiddos:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiDDoS", vendor: "Fortinet", versions: [ { 
lessThanOrEqual: "5.5.1", status: "affected", version: "5.5.0", versionType: "semver", }, { lessThanOrEqual: "5.4.3", status: "affected", version: "5.4.0", versionType: "semver", }, { lessThanOrEqual: "5.3.2", status: "affected", version: "5.3.0", versionType: "semver", }, { status: "affected", version: "5.2.0", }, { status: "affected", version: "5.1.0", }, { status: "affected", version: "5.0.0", }, { status: "affected", version: "4.7.0", }, { status: "affected", version: "4.6.0", }, { status: "affected", version: "4.5.0", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortiwlc:8.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiWLC", vendor: "Fortinet", versions: [ { lessThanOrEqual: "8.6.7", status: "affected", version: "8.6.0", versionType: "semver", }, { lessThanOrEqual: "8.5.5", status: "affected", version: "8.5.0", versionType: "semver", }, { lessThanOrEqual: "8.4.8", status: "affected", version: 
"8.4.4", versionType: "semver", }, { lessThanOrEqual: "8.4.2", status: "affected", version: "8.4.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*", 
"cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiAnalyzer", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.2", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.9", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.13", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.13", status: "affected", version: "6.2.0", versionType: "semver", }, ], }, { cpes: [], defaultStatus: 
"unaffected", product: "FortiPortal", vendor: "Fortinet", versions: [ { lessThanOrEqual: "6.0.9", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.2.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:fortinet:fortiauthenticator:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.1.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiAuthenticator", vendor: "Fortinet", versions: [ { lessThanOrEqual: "6.4.1", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.3.3", status: "affected", version: "6.3.0", versionType: "semver", }, { lessThanOrEqual: "6.2.2", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.1.3", status: "affected", version: "6.1.0", versionType: "semver", }, { lessThanOrEqual: "6.0.8", status: "affected", version: "6.0.0", versionType: "semver", }, { status: "affected", version: "5.5.0", }, { lessThanOrEqual: "5.4.1", status: "affected", version: "5.4.0", versionType: "semver", }, { lessThanOrEqual: "5.3.1", status: "affected", version: "5.3.0", versionType: "semver", }, { lessThanOrEqual: "5.2.2", status: "affected", version: "5.2.0", versionType: "semver", }, { lessThanOrEqual: "5.1.2", status: "affected", version: "5.1.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before 
version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-610", description: "Improper access control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-22T09:10:28.669Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-21-254", url: "https://fortiguard.com/psirt/FG-IR-21-254", }, ], solutions: [ { lang: "en", value: "FortiOS\nAdministrative Interface\nPlease upgrade to FortiOS version 7.0.6 and above,\nPlease upgrade to FortiOS version 7.2.1 and above.\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection\"\n\nSSLVPN interface\nPlease upgrade to FortiOS version 7.4.0 or above\nPlease upgrade to FortiOS version 7.2.5 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n set server-hostname Server hostname for HTTPS. 
When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebfilter interface (port 8008)\nPlease upgrade to FortiOS version 7.4.0 or above\nPlease upgrade to FortiOS version 7.2.5 or above\nPlease upgrade to FortiOS version 7.0.12 or above\nPlease upgrade to FortiOS version 6.4.13 or above\n\nFortiProxy\nAdministrative Interface\nPlease upgrade to FortiProxy version 7.0.5 and above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection\"\n\nSSLVPN interface\nPlease upgrade to FortiProxy version 7.4.0 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n set server-hostname Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebFilter interface (port 8008)\nPlease upgrade to FortiProxy version 7.4.0 or above\n\nPlease upgrade to FortiRecorder version 7.0.0 or above \nPlease upgrade to FortiRecorder version 6.4.3 or above \nPlease upgrade to FortiRecorder version 6.0.11 or above \nPlease upgrade to FortiNDR version 7.4.0 or above\n\nFortiNDR\nPlease upgrade to FortiNDR version 7.2.1 or above\nPlease upgrade to FortiNDR version 7.1.1 or above\nAND\nSet the `https-redirect-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n set https-redirect-host \"Administrative host for HTTP and HTTPs. 
When set, will be used in lieu of the client's Host header for any redirection\"\nend\n\nFortiADC\nPlease upgrade to FortiADC version 7.1.0 or above\nPlease upgrade to FortiADC version 7.0.2 or above\nPlease upgrade to FortiADC version 6.2.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n config system global\n set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection\"\n\nFortiDDOS-F\nPlease upgrade to FortiDDoS-F version 6.4.0 or above\nPlease upgrade to FortiDDoS-F version 6.3.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n config system global\n set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection\" \n\nPlease upgrade to FortiSwitch version 7.2.0 or above \nPlease upgrade to FortiSwitch version 7.0.5 or above \nPlease upgrade to FortiSwitch version 6.4.11 or above \nPlease upgrade to FortiVoice version 7.0.2 or above\nPlease upgrade to FortiVoice version 6.4.9 or above\nPlease upgrade to FortiMail version 7.2.0 or above \nPlease upgrade to FortiMail version 7.0.4 or above \nPlease upgrade to FortiWLC version 8.6.7 or above \nPlease upgrade to FortiAuthenticator version 6.4.2 or above \nPlease upgrade to FortiAuthenticator version 6.3.4 or above \nPlease upgrade to FortiDDoS version 5.6.0 or above \nPlease upgrade to FortiDDoS version 5.5.2 or above \nPlease upgrade to FortiSOAR version 7.3.0 or above \nPlease upgrade to FortiTester version 7.3.0 or above \nPlease upgrade to FortiTester version 7.2.2 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2022-23439", datePublished: "2025-01-22T09:10:28.669Z", dateReserved: "2022-01-19T07:38:03.512Z", dateUpdated: "2025-01-22T14:21:36.714Z", state: 
"PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-17539
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://fortiguard.com/advisory/FG-IR-17-274 | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/104119 | vdb-entry, x_refsource_BID |
Vendor | Product | Version |
---|---|---|
Fortinet, Inc. | FortiWLC | Version: 7.0.11 and earlier |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:51:32.229Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://fortiguard.com/advisory/FG-IR-17-274", }, { name: "104119", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104119", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2017-17539", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-24T20:11:08.330380Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T14:32:21.154Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "FortiWLC", vendor: "Fortinet, Inc.", versions: [ { status: "affected", version: "7.0.11 and earlier", }, ], }, ], datePublic: "2018-05-04T00:00:00", descriptions: [ { lang: "en", value: "The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.", }, ], problemTypes: [ { descriptions: [ { description: "Execute unauthorized code or commands", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-05-10T09:57:01", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://fortiguard.com/advisory/FG-IR-17-274", }, { name: "104119", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104119", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@fortinet.com", DATE_PUBLIC: "2018-05-04T00:00:00", ID: "CVE-2017-17539", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "FortiWLC", version: { 
version_data: [ { version_value: "7.0.11 and earlier", }, ], }, }, ], }, vendor_name: "Fortinet, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Execute unauthorized code or commands", }, ], }, ], }, references: { reference_data: [ { name: "https://fortiguard.com/advisory/FG-IR-17-274", refsource: "CONFIRM", url: "https://fortiguard.com/advisory/FG-IR-17-274", }, { name: "104119", refsource: "BID", url: "http://www.securityfocus.com/bid/104119", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2017-17539", datePublished: "2018-05-07T14:00:00Z", dateReserved: "2017-12-11T00:00:00", dateUpdated: "2024-10-25T14:32:21.154Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-17540
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://fortiguard.com/advisory/FG-IR-17-274 | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/104119 | vdb-entry, x_refsource_BID |
Vendor | Product | Version |
---|---|---|
Fortinet, Inc. | FortiWLC | Version: 8.3.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:51:32.156Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://fortiguard.com/advisory/FG-IR-17-274", }, { name: "104119", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104119", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2017-17540", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-24T20:11:06.760147Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T14:32:09.071Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "FortiWLC", vendor: "Fortinet, Inc.", versions: [ { status: "affected", version: "8.3.3", }, ], }, ], datePublic: "2018-05-04T00:00:00", descriptions: [ { lang: "en", value: "The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.", }, ], problemTypes: [ { descriptions: [ { description: "Execute unauthorized code or commands", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-05-10T09:57:01", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://fortiguard.com/advisory/FG-IR-17-274", }, { name: "104119", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104119", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@fortinet.com", DATE_PUBLIC: "2018-05-04T00:00:00", ID: "CVE-2017-17540", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "FortiWLC", version: { version_data: [ { version_value: 
"8.3.3", }, ], }, }, ], }, vendor_name: "Fortinet, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Execute unauthorized code or commands", }, ], }, ], }, references: { reference_data: [ { name: "https://fortiguard.com/advisory/FG-IR-17-274", refsource: "CONFIRM", url: "https://fortiguard.com/advisory/FG-IR-17-274", }, { name: "104119", refsource: "BID", url: "http://www.securityfocus.com/bid/104119", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2017-17540", datePublished: "2018-05-07T14:00:00Z", dateReserved: "2017-12-11T00:00:00", dateUpdated: "2024-10-25T14:32:09.071Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-7341
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://fortiguard.com/psirt/FG-IR-17-119 | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/101273 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:56:36.482Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-17-119", }, { name: "101273", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/101273", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2017-7341", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-24T20:04:08.221212Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T14:33:30.845Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-10-13T00:00:00", descriptions: [ { lang: "en", value: "An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-27T09:57:01", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://fortiguard.com/psirt/FG-IR-17-119", }, { name: "101273", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/101273", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@fortinet.com", ID: "CVE-2017-7341", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { 
product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://fortiguard.com/psirt/FG-IR-17-119", refsource: "CONFIRM", url: "https://fortiguard.com/psirt/FG-IR-17-119", }, { name: "101273", refsource: "BID", url: "http://www.securityfocus.com/bid/101273", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2017-7341", datePublished: "2017-10-26T13:00:00", dateReserved: "2017-03-30T00:00:00", dateUpdated: "2024-10-25T14:33:30.845Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-8491
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://fortiguard.com/advisory/FG-IR-16-065 | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/94186 | vdb-entry, x_refsource_BID |
Vendor | Product | Version |
---|---|---|
Fortinet | Fortinet FortiWLC | Version: 7.0-9-1; Version: 7.0-10-0; Version: 8.1-2-0; Version: 8.1-3-2; Version: 8.2-4-0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:27:39.649Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://fortiguard.com/advisory/FG-IR-16-065", }, { name: "94186", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94186", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2016-8491", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-24T20:11:13.770072Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T14:41:05.797Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Fortinet FortiWLC", vendor: "Fortinet", versions: [ { status: "affected", version: "7.0-9-1", }, { status: "affected", version: "7.0-10-0", }, { status: "affected", version: "8.1-2-0", }, { status: "affected", version: "8.1-3-2", }, { status: "affected", version: "8.2-4-0", }, ], }, ], datePublic: "2016-11-09T00:00:00", descriptions: [ { lang: "en", value: "The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.", }, ], problemTypes: [ { descriptions: [ { description: "Remote shell access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-02T10:57:01", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://fortiguard.com/advisory/FG-IR-16-065", }, { name: "94186", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94186", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@fortinet.com", ID: "CVE-2016-8491", STATE: "PUBLIC", }, 
affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Fortinet FortiWLC", version: { version_data: [ { version_value: "7.0-9-1", }, { version_value: "7.0-10-0", }, { version_value: "8.1-2-0", }, { version_value: "8.1-3-2", }, { version_value: "8.2-4-0", }, ], }, }, ], }, vendor_name: "Fortinet", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote shell access", }, ], }, ], }, references: { reference_data: [ { name: "https://fortiguard.com/advisory/FG-IR-16-065", refsource: "CONFIRM", url: "https://fortiguard.com/advisory/FG-IR-16-065", }, { name: "94186", refsource: "BID", url: "http://www.securityfocus.com/bid/94186", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2016-8491", datePublished: "2017-02-01T17:00:00", dateReserved: "2016-10-07T00:00:00", dateUpdated: "2024-10-25T14:41:05.797Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-7560
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://fortiguard.com/advisory/FG-IR-16-029 | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/93286 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:04:54.763Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://fortiguard.com/advisory/FG-IR-16-029", }, { name: "93286", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93286", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-09-30T00:00:00", descriptions: [ { lang: "en", value: "The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://fortiguard.com/advisory/FG-IR-16-029", }, { name: "93286", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93286", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-7560", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ 
{ description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://fortiguard.com/advisory/FG-IR-16-029", refsource: "CONFIRM", url: "http://fortiguard.com/advisory/FG-IR-16-029", }, { name: "93286", refsource: "BID", url: "http://www.securityfocus.com/bid/93286", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-7560", datePublished: "2016-10-05T16:00:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-06T02:04:54.763Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-9288
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://fortiguard.com/advisory/FG-IR-20-016 | x_refsource_CONFIRM |
Vendor | Product | Version |
---|---|---|
Fortinet | Fortinet FortiWLC | FortiWLC 8.5.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T10:26:15.623Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://fortiguard.com/advisory/FG-IR-20-016", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-9288", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T13:59:11.194658Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T14:01:09.947Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Fortinet FortiWLC", vendor: "Fortinet", versions: [ { status: "affected", version: "FortiWLC 8.5.1", }, ], }, ], descriptions: [ { lang: "en", value: "An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile.", }, ], problemTypes: [ { descriptions: [ { description: "Execute unauthorized code or commands", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-22T15:14:43", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://fortiguard.com/advisory/FG-IR-20-016", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@fortinet.com", ID: "CVE-2020-9288", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Fortinet FortiWLC", version: { version_data: [ { version_value: "FortiWLC 8.5.1", }, ], }, }, ], }, vendor_name: "Fortinet", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An improper neutralization of input 
vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Execute unauthorized code or commands", }, ], }, ], }, references: { reference_data: [ { name: "https://fortiguard.com/advisory/FG-IR-20-016", refsource: "CONFIRM", url: "https://fortiguard.com/advisory/FG-IR-20-016", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2020-9288", datePublished: "2020-06-22T15:14:43", dateReserved: "2020-02-19T00:00:00", dateUpdated: "2024-10-25T14:01:09.947Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42758
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://fortiguard.com/advisory/FG-IR-21-200 | x_refsource_CONFIRM |
Vendor | Product | Version |
---|---|---|
Fortinet | Fortinet FortiWLC | FortiWLC 8.6.1 and below |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:38:50.213Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://fortiguard.com/advisory/FG-IR-21-200", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-42758", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T14:13:15.441432Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T13:42:26.199Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Fortinet FortiWLC", vendor: "Fortinet", versions: [ { status: "affected", version: "FortiWLC 8.6.1 and below", }, ], }, ], descriptions: [ { lang: "en", value: "An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "PROOF_OF_CONCEPT", integrityImpact: "HIGH", privilegesRequired: "LOW", remediationLevel: "UNAVAILABLE", reportConfidence: "REASONABLE", scope: "UNCHANGED", temporalScore: 8, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Improper access control", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-08T10:53:03", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { tags: [ 
"x_refsource_CONFIRM", ], url: "https://fortiguard.com/advisory/FG-IR-21-200", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@fortinet.com", ID: "CVE-2021-42758", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Fortinet FortiWLC", version: { version_data: [ { version_value: "FortiWLC 8.6.1 and below", }, ], }, }, ], }, vendor_name: "Fortinet", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions.", }, ], }, impact: { cvss: { attackComplexity: "Low", attackVector: "Network", availabilityImpact: "High", baseScore: 8, baseSeverity: "High", confidentialityImpact: "High", integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", userInteraction: "None", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper access control", }, ], }, ], }, references: { reference_data: [ { name: "https://fortiguard.com/advisory/FG-IR-21-200", refsource: "CONFIRM", url: "https://fortiguard.com/advisory/FG-IR-21-200", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2021-42758", datePublished: "2021-12-08T10:53:03", dateReserved: "2021-10-20T00:00:00", dateUpdated: "2024-10-25T13:42:26.199Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-7335
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://www.securityfocus.com/bid/101287 | vdb-entry, x_refsource_BID |
https://fortiguard.com/psirt/FG-IR-17-106 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:56:36.377Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "101287", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/101287", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-17-106", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2017-7335", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T14:00:35.698394Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T14:11:35.540Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-10-13T00:00:00", descriptions: [ { lang: "en", value: "A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters \"refresh\" and \"branchtotable\" present in HTTP POST requests.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-27T09:57:01", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "101287", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/101287", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://fortiguard.com/psirt/FG-IR-17-106", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@fortinet.com", ID: "CVE-2017-7335", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ 
{ product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters \"refresh\" and \"branchtotable\" present in HTTP POST requests.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "101287", refsource: "BID", url: "http://www.securityfocus.com/bid/101287", }, { name: "https://fortiguard.com/psirt/FG-IR-17-106", refsource: "CONFIRM", url: "https://fortiguard.com/psirt/FG-IR-17-106", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2017-7335", datePublished: "2017-10-26T13:00:00", dateReserved: "2017-03-30T00:00:00", dateUpdated: "2024-10-25T14:11:35.540Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-7561
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://fortiguard.com/advisory/FG-IR-16-030 | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/93282 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:04:54.929Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://fortiguard.com/advisory/FG-IR-16-030", }, { name: "93282", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93282", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-09-30T00:00:00", descriptions: [ { lang: "en", value: "Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://fortiguard.com/advisory/FG-IR-16-030", }, { name: "93282", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93282", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-7561", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: 
"http://fortiguard.com/advisory/FG-IR-16-030", refsource: "CONFIRM", url: "http://fortiguard.com/advisory/FG-IR-16-030", }, { name: "93282", refsource: "BID", url: "http://www.securityfocus.com/bid/93282", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-7561", datePublished: "2016-10-05T16:00:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-06T02:04:54.929Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }