cvelistv5 - cve-2017-7738

CVE-2017-7738 (GCVE-0-2017-7738)

Vulnerability from cvelistv5

Published

2017-12-13 22:00

Modified

2024-10-25 14:33

Severity ?

CWE

Information Disclosure

Summary

References

URL

Tags

psirt@fortinet.com	http://www.securityfocus.com/bid/102151	Third Party Advisory, VDB Entry
psirt@fortinet.com	https://fortiguard.com/advisory/FG-IR-17-172	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102151	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/advisory/FG-IR-17-172	Vendor Advisory

Impacted products

	Vendor	Product	Version
	Fortinet, Inc.	FortiOS	Version: 5.6.0 to 5.6.2 Version: 5.4.0 to 5.4.5 Version: 5.2 and below

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:12:28.411Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102151",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102151"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-17-172"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-7738",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T20:04:06.880918Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:33:09.500Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FortiOS",
          "vendor": "Fortinet, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "5.6.0 to 5.6.2"
            },
            {
              "status": "affected",
              "version": "5.4.0 to 5.4.5"
            },
            {
              "status": "affected",
              "version": "5.2 and below"
            }
          ]
        }
      ],
      "datePublic": "2017-12-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-14T10:57:01",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "102151",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102151"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-17-172"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "DATE_PUBLIC": "2017-12-08T00:00:00",
          "ID": "CVE-2017-7738",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FortiOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.6.0 to 5.6.2"
                          },
                          {
                            "version_value": "5.4.0 to 5.4.5"
                          },
                          {
                            "version_value": "5.2 and below"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102151",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102151"
            },
            {
              "name": "https://fortiguard.com/advisory/FG-IR-17-172",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-17-172"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2017-7738",
    "datePublished": "2017-12-13T22:00:00Z",
    "dateReserved": "2017-04-12T00:00:00",
    "dateUpdated": "2024-10-25T14:33:09.500Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-7738\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2017-12-13T22:29:00.283\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Fortinet FortiOS de la versi\u00f3n 5.6.0 a la 5.6.2; 5.4.0 a la 5.4.5 y la versi\u00f3n 5.2 y anteriores permite que un usuario administrador con privilegios super_admin vea la informaci\u00f3n de sesi\u00f3n del portal web SSL VPN, que podr\u00eda contener credenciales a trav\u00e9s del comando CLI fnsysctl.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.2\",\"matchCriteriaId\":\"2BAFDAFC-2B2B-4681-A709-CD703FFCFD70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4.0\",\"versionEndIncluding\":\"5.4.5\",\"matchCriteriaId\":\"AA53FD84-6F7B-462B-AFBF-D0F9D0E04639\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.6.0\",\"versionEndIncluding\":\"5.6.2\",\"matchCriteriaId\":\"ED9B0663-F69B-4F14-90B7-DF906CD0130A\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102151\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://fortiguard.com/advisory/FG-IR-17-172\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102151\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://fortiguard.com/advisory/FG-IR-17-172\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/102151\", \"name\": \"102151\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-17-172\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T16:12:28.411Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2017-7738\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-24T20:04:06.880918Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-25T14:18:32.129Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Fortinet, Inc.\", \"product\": \"FortiOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.6.0 to 5.6.2\"}, {\"status\": \"affected\", \"version\": \"5.4.0 to 5.4.5\"}, {\"status\": \"affected\", \"version\": \"5.2 and below\"}]}], \"datePublic\": \"2017-12-08T00:00:00\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/102151\", \"name\": \"102151\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-17-172\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Information Disclosure\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2017-12-14T10:57:01\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"5.6.0 to 5.6.2\"}, {\"version_value\": \"5.4.0 to 5.4.5\"}, {\"version_value\": \"5.2 and below\"}]}, \"product_name\": \"FortiOS\"}]}, \"vendor_name\": \"Fortinet, Inc.\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.securityfocus.com/bid/102151\", \"name\": \"102151\", \"refsource\": \"BID\"}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-17-172\", \"name\": \"https://fortiguard.com/advisory/FG-IR-17-172\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Information Disclosure\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2017-7738\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@fortinet.com\", \"DATE_PUBLIC\": \"2017-12-08T00:00:00\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2017-7738\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-25T14:33:09.500Z\", \"dateReserved\": \"2017-04-12T00:00:00\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2017-12-13T22:00:00Z\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2017-7738

Vulnerability from fkie_nvd

Published

2017-12-13 22:29

Modified

2025-04-20 01:37

Severity ?

7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@fortinet.com	http://www.securityfocus.com/bid/102151	Third Party Advisory, VDB Entry
psirt@fortinet.com	https://fortiguard.com/advisory/FG-IR-17-172	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102151	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/advisory/FG-IR-17-172	Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortios	*
fortinet	fortios	*
fortinet	fortios	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BAFDAFC-2B2B-4681-A709-CD703FFCFD70",
              "versionEndIncluding": "5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA53FD84-6F7B-462B-AFBF-D0F9D0E04639",
              "versionEndIncluding": "5.4.5",
              "versionStartIncluding": "5.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED9B0663-F69B-4F14-90B7-DF906CD0130A",
              "versionEndIncluding": "5.6.2",
              "versionStartIncluding": "5.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Fortinet FortiOS de la versi\u00f3n 5.6.0 a la 5.6.2; 5.4.0 a la 5.4.5 y la versi\u00f3n 5.2 y anteriores permite que un usuario administrador con privilegios super_admin vea la informaci\u00f3n de sesi\u00f3n del portal web SSL VPN, que podr\u00eda contener credenciales a trav\u00e9s del comando CLI fnsysctl."
    }
  ],
  "id": "CVE-2017-7738",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-13T22:29:00.283",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102151"
    },
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-17-172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-17-172"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2017-37067

Vulnerability from cnvd

Title

Fortinet FortiOS信息泄露漏洞（CNVD-2017-37067）

Description

Fortinet FortiOS是美国飞塔（Fortinet）公司开发的一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSL VPN、Web内容过滤和反垃圾邮件等多种安全功能。 Fortinet FortiOS 5.6.0版本至5.6.2版本、5.4.0版本至5.4.5版本和5.2及之前的版本中存在信息泄露漏洞。远程攻击者可利用该漏洞获取敏感信息。

Severity

中

Patch Name

Fortinet FortiOS信息泄露漏洞（CNVD-2017-37067）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://fortiguard.com/psirt/FG-IR-17-172

Reference

http://www.securityfocus.com/bid/102151

Impacted products

Name
['Fortinet FortiOS >=5.4.0，<=5.4.5', 'Fortinet FortiOS >=5.6.0，<=5.6.2', 'Fortinet FortiOS <=5.2']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102151"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7738"
    }
  },
  "description": "Fortinet FortiOS\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u4e8eFortiGate\u7f51\u7edc\u5b89\u5168\u5e73\u53f0\u4e0a\u7684\u5b89\u5168\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u4e3a\u7528\u6237\u63d0\u4f9b\u9632\u706b\u5899\u3001\u9632\u75c5\u6bd2\u3001IPSec/SSL VPN\u3001Web\u5185\u5bb9\u8fc7\u6ee4\u548c\u53cd\u5783\u573e\u90ae\u4ef6\u7b49\u591a\u79cd\u5b89\u5168\u529f\u80fd\u3002\r\n\r\nFortinet FortiOS 5.6.0\u7248\u672c\u81f35.6.2\u7248\u672c\u30015.4.0\u7248\u672c\u81f35.4.5\u7248\u672c\u548c5.2\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Jean-Noel Meurisse, Solvay S.A.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://fortiguard.com/psirt/FG-IR-17-172",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-37067",
  "openTime": "2017-12-13",
  "patchDescription": "Fortinet FortiOS\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u4e8eFortiGate\u7f51\u7edc\u5b89\u5168\u5e73\u53f0\u4e0a\u7684\u5b89\u5168\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u4e3a\u7528\u6237\u63d0\u4f9b\u9632\u706b\u5899\u3001\u9632\u75c5\u6bd2\u3001IPSec/SSL VPN\u3001Web\u5185\u5bb9\u8fc7\u6ee4\u548c\u53cd\u5783\u573e\u90ae\u4ef6\u7b49\u591a\u79cd\u5b89\u5168\u529f\u80fd\u3002\r\n\r\nFortinet FortiOS 5.6.0\u7248\u672c\u81f35.6.2\u7248\u672c\u30015.4.0\u7248\u672c\u81f35.4.5\u7248\u672c\u548c5.2\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fortinet FortiOS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2017-37067\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Fortinet FortiOS \u003e=5.4.0\uff0c\u003c=5.4.5",
      "Fortinet FortiOS \u003e=5.6.0\uff0c\u003c=5.6.2",
      "Fortinet FortiOS \u003c=5.2"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/102151",
  "serverity": "\u4e2d",
  "submitTime": "2017-11-15",
  "title": "Fortinet FortiOS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2017-37067\uff09"
}

CERTFR-2017-AVI-459

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet . Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS versions antérieures à 5.4.6
Fortinet	FortiOS	FortiOS versions 5.6.x antérieures à 5.6.3
Fortinet	N/A	FortiCloud versions antérieures à 3.2.1

References

Title

Publication Time

gsd-2017-7738

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-7738

Aliases

CVE-2017-7738

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-7738",
    "description": "An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.",
    "id": "GSD-2017-7738"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-7738"
      ],
      "details": "An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.",
      "id": "GSD-2017-7738",
      "modified": "2023-12-13T01:21:06.856411Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@fortinet.com",
        "DATE_PUBLIC": "2017-12-08T00:00:00",
        "ID": "CVE-2017-7738",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "FortiOS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "5.6.0 to 5.6.2"
                        },
                        {
                          "version_value": "5.4.0 to 5.4.5"
                        },
                        {
                          "version_value": "5.2 and below"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fortinet, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "102151",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102151"
          },
          {
            "name": "https://fortiguard.com/advisory/FG-IR-17-172",
            "refsource": "CONFIRM",
            "url": "https://fortiguard.com/advisory/FG-IR-17-172"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.2",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.5",
                "versionStartIncluding": "5.4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2017-7738"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-17-172",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-17-172"
            },
            {
              "name": "102151",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102151"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-12-26T16:02Z",
      "publishedDate": "2017-12-13T22:29Z"
    }
  }
}

var-201712-1116

Vulnerability from variot

An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command. Fortinet FortiOS Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiOS is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The following versions are vulnerable: FortiOS 5.6.0 through 5.6.2 FortiOS 5.4.0 through 5.4.5 FortiOS 5.2 and prior. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. An information disclosure vulnerability exists in Fortinet FortiOS versions 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, and 5.2 and earlier

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-1116",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.4.5"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.2"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.4.0"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.4.0 to  5.4.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.6.0 to  5.6.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.6"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.3"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.3"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.4"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102151"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011265"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-427"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7738"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:fortinet:fortios",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011265"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jean-Noel Meurisse, Solvay S.A.",
    "sources": [
      {
        "db": "BID",
        "id": "102151"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-427"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-7738",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2017-7738",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-115941",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "id": "CVE-2017-7738",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-7738",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-7738",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-427",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-115941",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115941"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011265"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-427"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7738"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command. Fortinet FortiOS Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiOS is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. \nThe following versions are vulnerable:\nFortiOS 5.6.0 through 5.6.2\nFortiOS 5.4.0 through 5.4.5\nFortiOS 5.2 and prior. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. An information disclosure vulnerability exists in Fortinet FortiOS versions 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, and 5.2 and earlier",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7738"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011265"
      },
      {
        "db": "BID",
        "id": "102151"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115941"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-7738",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "102151",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011265",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-427",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-115941",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115941"
      },
      {
        "db": "BID",
        "id": "102151"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011265"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-427"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7738"
      }
    ]
  },
  "id": "VAR-201712-1116",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115941"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:30:36.188000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-17-172",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/FG-IR-17-172"
      },
      {
        "title": "Fortinet FortiOS Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77131"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011265"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-427"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115941"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011265"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7738"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/102151"
      },
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-17-172"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7738"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7738"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      },
      {
        "trust": 0.3,
        "url": "https://fortiguard.com/psirt/fg-ir-17-172"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115941"
      },
      {
        "db": "BID",
        "id": "102151"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011265"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-427"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7738"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-115941"
      },
      {
        "db": "BID",
        "id": "102151"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011265"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-427"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7738"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115941"
      },
      {
        "date": "2017-12-12T00:00:00",
        "db": "BID",
        "id": "102151"
      },
      {
        "date": "2018-01-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011265"
      },
      {
        "date": "2017-12-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-427"
      },
      {
        "date": "2017-12-13T22:29:00.283000",
        "db": "NVD",
        "id": "CVE-2017-7738"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115941"
      },
      {
        "date": "2017-12-19T22:38:00",
        "db": "BID",
        "id": "102151"
      },
      {
        "date": "2018-01-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011265"
      },
      {
        "date": "2017-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-427"
      },
      {
        "date": "2024-11-21T03:32:33.560000",
        "db": "NVD",
        "id": "CVE-2017-7738"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-427"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiOS Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011265"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-427"
      }
    ],
    "trust": 0.6
  }
}

ghsa-6jcp-68rq-927h

Vulnerability from github

Published

2022-05-14 04:03

Modified

2022-05-14 04:03

Severity ?

7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-7738"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-13T22:29:00Z",
    "severity": "HIGH"
  },
  "details": "An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.",
  "id": "GHSA-6jcp-68rq-927h",
  "modified": "2022-05-14T04:03:43Z",
  "published": "2022-05-14T04:03:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7738"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/advisory/FG-IR-17-172"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102151"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-7738 (GCVE-0-2017-7738)

Vulnerability from cvelistv5

fkie_cve-2017-7738

Vulnerability from fkie_nvd

cnvd-2017-37067

Vulnerability from cnvd

CERTFR-2017-AVI-459

Vulnerability from certfr_avis

Solution

gsd-2017-7738

Vulnerability from gsd

var-201712-1116

Vulnerability from variot

ghsa-6jcp-68rq-927h

Vulnerability from github

Tags

Sightings

Nomenclature