cvelistv5 - cve-2006-3222

CVE-2006-3222 (GCVE-0-2006-3222)

Vulnerability from cvelistv5

Published

2006-06-24 10:00

Modified

2024-08-07 18:23

Severity ?

CWE

Summary

The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode.

References

URL

Tags

cve@mitre.org	http://attrition.org/pipermail/vim/2006-July/000921.html
cve@mitre.org	http://secunia.com/advisories/20720	Patch, Vendor Advisory
cve@mitre.org	http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html	Patch
cve@mitre.org	http://www.osvdb.org/26736
cve@mitre.org	http://www.securityfocus.com/bid/18570
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2467
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27532
af854a3a-2127-422b-91ae-364da2661108	http://attrition.org/pipermail/vim/2006-July/000921.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20720	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/26736
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18570
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2467
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27532

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:23:21.153Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html"
          },
          {
            "name": "20720",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20720"
          },
          {
            "name": "18570",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18570"
          },
          {
            "name": "26736",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/26736"
          },
          {
            "name": "20060707 FortiGate issue - \"EPSV\" not \"ESPV\"",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://attrition.org/pipermail/vim/2006-July/000921.html"
          },
          {
            "name": "fortinet-ftp-espv-security-bypass(27532)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27532"
          },
          {
            "name": "ADV-2006-2467",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2467"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html"
        },
        {
          "name": "20720",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20720"
        },
        {
          "name": "18570",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18570"
        },
        {
          "name": "26736",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/26736"
        },
        {
          "name": "20060707 FortiGate issue - \"EPSV\" not \"ESPV\"",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://attrition.org/pipermail/vim/2006-July/000921.html"
        },
        {
          "name": "fortinet-ftp-espv-security-bypass(27532)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27532"
        },
        {
          "name": "ADV-2006-2467",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2467"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3222",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html",
              "refsource": "CONFIRM",
              "url": "http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html"
            },
            {
              "name": "20720",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20720"
            },
            {
              "name": "18570",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18570"
            },
            {
              "name": "26736",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/26736"
            },
            {
              "name": "20060707 FortiGate issue - \"EPSV\" not \"ESPV\"",
              "refsource": "VIM",
              "url": "http://attrition.org/pipermail/vim/2006-July/000921.html"
            },
            {
              "name": "fortinet-ftp-espv-security-bypass(27532)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27532"
            },
            {
              "name": "ADV-2006-2467",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2467"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3222",
    "datePublished": "2006-06-24T10:00:00",
    "dateReserved": "2006-06-23T00:00:00",
    "dateUpdated": "2024-08-07T18:23:21.153Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-3222\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-06-24T10:06:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode.\"},{\"lang\":\"es\",\"value\":\"El m\u00f3dulo proxy FTP Fortinet FortiOS (FortiGate) anterior v2.80 MR12 y v3.0 MR2 permite a atacantes remotos superar el escaneo del anti-virus a trav\u00e9s del modo Enhanced Passive (EPSV) FTP.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:2.5_0mr4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0779FEC-B7A9-416D-AC8B-A2F646C166F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:2.8_mr10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"769D4FB0-780F-48B0-958B-8E088CD2CBF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:2.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1A5E477-ADA7-469F-80EF-97EE2AF926B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:2.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB2815EF-253B-4E3D-BFA7-265021783158\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:2.50_mr5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6810DDBF-3411-4FD9-981A-E8D5FA7FD0CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:2.80:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"767E66F6-7AF3-4541-8797-D7503D852044\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"631ED29C-890E-4C53-8ADB-0061125FEEDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:3.0_beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"973C42EB-2073-4ED9-AE15-F72C863394ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:3.0_mr1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A36F497-1BD7-466A-BA57-069BEA042EE0\"}]}]}],\"references\":[{\"url\":\"http://attrition.org/pipermail/vim/2006-July/000921.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/20720\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.osvdb.org/26736\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/18570\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2467\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27532\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://attrition.org/pipermail/vim/2006-July/000921.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/20720\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.osvdb.org/26736\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/18570\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2467\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27532\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2006-3222

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode.

Aliases

CVE-2006-3222

Aliases

CVE-2006-3222

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3222",
    "description": "The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode.",
    "id": "GSD-2006-3222"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3222"
      ],
      "details": "The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode.",
      "id": "GSD-2006-3222",
      "modified": "2023-12-13T01:19:56.829606Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-3222",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html",
            "refsource": "CONFIRM",
            "url": "http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html"
          },
          {
            "name": "20720",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20720"
          },
          {
            "name": "18570",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/18570"
          },
          {
            "name": "26736",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/26736"
          },
          {
            "name": "20060707 FortiGate issue - \"EPSV\" not \"ESPV\"",
            "refsource": "VIM",
            "url": "http://attrition.org/pipermail/vim/2006-July/000921.html"
          },
          {
            "name": "fortinet-ftp-espv-security-bypass(27532)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27532"
          },
          {
            "name": "ADV-2006-2467",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2467"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:2.5_0mr4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:2.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:2.80:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:2.36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:3.0_beta:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:3.0_mr1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:2.50_mr5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:2.8_mr10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3222"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html"
            },
            {
              "name": "18570",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/18570"
            },
            {
              "name": "20720",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/20720"
            },
            {
              "name": "20060707 FortiGate issue - \"EPSV\" not \"ESPV\"",
              "refsource": "VIM",
              "tags": [],
              "url": "http://attrition.org/pipermail/vim/2006-July/000921.html"
            },
            {
              "name": "26736",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/26736"
            },
            {
              "name": "ADV-2006-2467",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/2467"
            },
            {
              "name": "fortinet-ftp-espv-security-bypass(27532)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27532"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-20T01:32Z",
      "publishedDate": "2006-06-24T10:06Z"
    }
  }
}

ghsa-c872-4w95-c3v6

Vulnerability from github

Published

2022-05-01 07:06

Modified

2022-05-01 07:06

Details

The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-3222"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-06-24T10:06:00Z",
    "severity": "MODERATE"
  },
  "details": "The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode.",
  "id": "GHSA-c872-4w95-c3v6",
  "modified": "2022-05-01T07:06:45Z",
  "published": "2022-05-01T07:06:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3222"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27532"
    },
    {
      "type": "WEB",
      "url": "http://attrition.org/pipermail/vim/2006-July/000921.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20720"
    },
    {
      "type": "WEB",
      "url": "http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/26736"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/18570"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2467"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2006-3222

Vulnerability from fkie_nvd

Published

2006-06-24 10:06

Modified

2025-04-03 01:03

Severity ?

Summary

The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode.

References

URL	Tags
cve@mitre.org	http://attrition.org/pipermail/vim/2006-July/000921.html
cve@mitre.org	http://secunia.com/advisories/20720	Patch, Vendor Advisory
cve@mitre.org	http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html	Patch
cve@mitre.org	http://www.osvdb.org/26736
cve@mitre.org	http://www.securityfocus.com/bid/18570
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2467
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27532
af854a3a-2127-422b-91ae-364da2661108	http://attrition.org/pipermail/vim/2006-July/000921.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20720	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/26736
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18570
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2467
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27532

Impacted products

Vendor	Product	Version
fortinet	fortios	2.5_0mr4
fortinet	fortios	2.8_mr10
fortinet	fortios	2.36
fortinet	fortios	2.50
fortinet	fortios	2.50_mr5
fortinet	fortios	2.80
fortinet	fortios	3.0
fortinet	fortios	3.0_beta
fortinet	fortios	3.0_mr1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:2.5_0mr4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0779FEC-B7A9-416D-AC8B-A2F646C166F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:2.8_mr10:*:*:*:*:*:*:*",
              "matchCriteriaId": "769D4FB0-780F-48B0-958B-8E088CD2CBF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:2.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1A5E477-ADA7-469F-80EF-97EE2AF926B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB2815EF-253B-4E3D-BFA7-265021783158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:2.50_mr5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6810DDBF-3411-4FD9-981A-E8D5FA7FD0CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "767E66F6-7AF3-4541-8797-D7503D852044",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "631ED29C-890E-4C53-8ADB-0061125FEEDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:3.0_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "973C42EB-2073-4ED9-AE15-F72C863394ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:3.0_mr1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A36F497-1BD7-466A-BA57-069BEA042EE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo proxy FTP Fortinet FortiOS (FortiGate) anterior v2.80 MR12 y v3.0 MR2 permite a atacantes remotos superar el escaneo del anti-virus a trav\u00e9s del modo Enhanced Passive (EPSV) FTP."
    }
  ],
  "id": "CVE-2006-3222",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-06-24T10:06:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://attrition.org/pipermail/vim/2006-July/000921.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20720"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/26736"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/18570"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/2467"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://attrition.org/pipermail/vim/2006-July/000921.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/26736"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27532"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode. Fortinet FortiGate is prone to a vulnerability that allows an attacker to bypass antivirus protection. This issue occurs when files are transferred using the FTP protocol under certain conditions. Fortinet FortiOS versions prior to 2.80 MR12 and 3.0 MR2 are vulnerable to this issue if the FTP antivirus gateway-scanning service is used. Fortinet FortiGate is a network security platform developed by Fortinet. The platform provides functions such as firewall, antivirus and intrusion prevention (IPS), application control, antispam, wireless controller and WAN acceleration.

Want to join the Secunia Security Team?

Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports.

http://secunia.com/secunia_security_specialist/

TITLE: FortiGate FTP Anti-Virus Scanning Bypass Vulnerability

SECUNIA ADVISORY ID: SA20720

VERIFY ADVISORY: http://secunia.com/advisories/20720/

CRITICAL: Less critical

IMPACT: Security Bypass

WHERE:

From remote

OPERATING SYSTEM: Fortinet FortiOS (FortiGate) 3.x http://secunia.com/product/6802/ Fortinet FortiOS (FortiGate) 2.x http://secunia.com/product/2289/

DESCRIPTION: A vulnerability has been reported in FortiGate, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error within the FortiGate FTP proxy when handling the ESPV command.

SOLUTION: Update to FortiOS 2.80 MR12 release or FortiOS 3.0 MR2 release.

Users can contact Fortinet Tech Support to obtain the updated firmware.

PROVIDED AND/OR DISCOVERED BY: The vendor credits a recent magazine test review article.

ORIGINAL ADVISORY: http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200606-0317",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "2.80"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "2.50"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "2.36"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "2.8_mr10"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "3.0_beta"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "2.5_0mr4"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "3.0_mr1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "2.50_mr5"
      },
      {
        "model": "fortios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "fortios mr5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.50"
      },
      {
        "model": "fortios mr10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.8"
      },
      {
        "model": "fortios 0mr4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.5"
      },
      {
        "model": "fortios mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "fortios mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "fortios mr12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.80"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "18570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-490"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3222"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiGuard Center",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-490"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-3222",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2006-3222",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-19330",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-3222",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200606-490",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-19330",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19330"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-490"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3222"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode. Fortinet FortiGate is prone to a vulnerability that allows an attacker to bypass antivirus protection. This issue occurs when files are transferred using the FTP protocol under certain conditions. \nFortinet FortiOS versions prior to 2.80 MR12 and 3.0 MR2 are vulnerable to this issue if the FTP antivirus gateway-scanning service is used. Fortinet FortiGate is a network security platform developed by Fortinet. The platform provides functions such as firewall, antivirus and intrusion prevention (IPS), application control, antispam, wireless controller and WAN acceleration. \n\n----------------------------------------------------------------------\n\nWant to join the Secunia Security Team?\n\nSecunia offers a position as a security specialist, where your daily\nwork involves reverse engineering of software and exploit code,\nauditing of source code, and analysis of vulnerability reports. \n\nhttp://secunia.com/secunia_security_specialist/\n\n----------------------------------------------------------------------\n\nTITLE:\nFortiGate FTP Anti-Virus Scanning Bypass Vulnerability\n\nSECUNIA ADVISORY ID:\nSA20720\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/20720/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nFortinet FortiOS (FortiGate) 3.x\nhttp://secunia.com/product/6802/\nFortinet FortiOS (FortiGate) 2.x\nhttp://secunia.com/product/2289/\n\nDESCRIPTION:\nA vulnerability has been reported in FortiGate, which can be\nexploited by malicious people to bypass certain security\nrestrictions. \n\nThe vulnerability is caused due to an error within the FortiGate FTP\nproxy when handling the ESPV command. \n\nSOLUTION:\nUpdate to FortiOS 2.80 MR12 release or FortiOS 3.0 MR2 release. \n\nUsers can contact Fortinet Tech Support to obtain the updated\nfirmware. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits a recent magazine test review article. \n\nORIGINAL ADVISORY:\nhttp://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3222"
      },
      {
        "db": "BID",
        "id": "18570"
      },
      {
        "db": "VULHUB",
        "id": "VHN-19330"
      },
      {
        "db": "PACKETSTORM",
        "id": "47570"
      }
    ],
    "trust": 1.35
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "18570",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "20720",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-2467",
        "trust": 1.7
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3222",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "26736",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-490",
        "trust": 0.7
      },
      {
        "db": "VIM",
        "id": "20060707 FORTIGATE ISSUE - \"EPSV\" NOT \"ESPV\"",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "27532",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-19330",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "47570",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19330"
      },
      {
        "db": "BID",
        "id": "18570"
      },
      {
        "db": "PACKETSTORM",
        "id": "47570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-490"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3222"
      }
    ]
  },
  "id": "VAR-200606-0317",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19330"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T23:07:04.976000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3222"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.fortinet.com/fortiguardcenter/advisory/fg-2006-15.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/18570"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/26736"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/20720"
      },
      {
        "trust": 1.7,
        "url": "http://attrition.org/pipermail/vim/2006-july/000921.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/2467"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27532"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/2467"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/27532"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6802/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/20720/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2289/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19330"
      },
      {
        "db": "BID",
        "id": "18570"
      },
      {
        "db": "PACKETSTORM",
        "id": "47570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-490"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3222"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-19330"
      },
      {
        "db": "BID",
        "id": "18570"
      },
      {
        "db": "PACKETSTORM",
        "id": "47570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-490"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3222"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-06-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-19330"
      },
      {
        "date": "2006-06-21T00:00:00",
        "db": "BID",
        "id": "18570"
      },
      {
        "date": "2006-06-25T20:51:40",
        "db": "PACKETSTORM",
        "id": "47570"
      },
      {
        "date": "2006-06-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200606-490"
      },
      {
        "date": "2006-06-24T10:06:00",
        "db": "NVD",
        "id": "CVE-2006-3222"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-19330"
      },
      {
        "date": "2006-06-21T22:35:00",
        "db": "BID",
        "id": "18570"
      },
      {
        "date": "2006-06-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200606-490"
      },
      {
        "date": "2024-11-21T00:13:06.460000",
        "db": "NVD",
        "id": "CVE-2006-3222"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-490"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiGate FTP Scanning agent Access control bypass vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-490"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-490"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-3222 (GCVE-0-2006-3222)

Vulnerability from cvelistv5

gsd-2006-3222

Vulnerability from gsd

ghsa-c872-4w95-c3v6

Vulnerability from github

fkie_cve-2006-3222

Vulnerability from fkie_nvd

var-200606-0317

Vulnerability from variot

Tags

Sightings

Nomenclature