cvelistv5 - cve-2019-5594

CVE-2019-5594 (GCVE-0-2019-5594)

Vulnerability from cvelistv5

Published

2019-08-23 20:10

Modified

2024-10-25 14:05

Severity ?

CWE

Execute unauthorized code or commands

Summary

References

URL

Tags

	psirt@fortinet.com	https://fortiguard.com/advisory/FG-IR-19-140	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/advisory/FG-IR-19-140	Vendor Advisory

Impacted products

	Vendor	Product	Version
	n/a	Fortinet FortiNAC	Version: FortiNAC 8.3.0 to 8.3.6 and 8.5.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:01:50.783Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-19-140"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-5594",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T13:59:48.118067Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:05:42.451Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiNAC",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "FortiNAC 8.3.0 to 8.3.6 and 8.5.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-23T20:10:54",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-19-140"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2019-5594",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiNAC",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiNAC 8.3.0 to 8.3.6 and 8.5.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-19-140",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-19-140"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2019-5594",
    "datePublished": "2019-08-23T20:10:54",
    "dateReserved": "2019-01-07T00:00:00",
    "dateUpdated": "2024-10-25T14:05:42.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-5594\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2019-08-23T21:15:12.130\",\"lastModified\":\"2024-11-21T04:45:11.907\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Improper Neutralization of Input During Web Page Generation (\\\"Cross-site Scripting\\\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.\"},{\"lang\":\"es\",\"value\":\"Una neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (\\\"Cross-site Scripting\\\") en Fortinet FortiNAC 8.3.0 a 8.3.6 y 8.5.0 admin webUI puede permitir que un atacante no autenticado realice un ataque XSS reflejado a trav\u00e9s del campo de b\u00fasqueda en el webUI.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.3.0\",\"versionEndIncluding\":\"8.3.6\",\"matchCriteriaId\":\"8A3925F5-BA4F-406D-A38F-3EFC8D0083BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinac:8.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E16B46B-FA2D-4208-9DBC-AD0DF3344DE1\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/advisory/FG-IR-19-140\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://fortiguard.com/advisory/FG-IR-19-140\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"Fortinet FortiNAC\", \"vendor\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"FortiNAC 8.3.0 to 8.3.6 and 8.5.0\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Improper Neutralization of Input During Web Page Generation (\\\"Cross-site Scripting\\\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.\"}], \"problemTypes\": [{\"descriptions\": [{\"description\": \"Execute unauthorized code or commands\", \"lang\": \"en\", \"type\": \"text\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2019-08-23T20:10:54\", \"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\"}, \"references\": [{\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://fortiguard.com/advisory/FG-IR-19-140\"}], \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"psirt@fortinet.com\", \"ID\": \"CVE-2019-5594\", \"STATE\": \"PUBLIC\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"Fortinet FortiNAC\", \"version\": {\"version_data\": [{\"version_value\": \"FortiNAC 8.3.0 to 8.3.6 and 8.5.0\"}]}}]}, \"vendor_name\": \"n/a\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"An Improper Neutralization of Input During Web Page Generation (\\\"Cross-site Scripting\\\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Execute unauthorized code or commands\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"https://fortiguard.com/advisory/FG-IR-19-140\", \"refsource\": \"CONFIRM\", \"url\": \"https://fortiguard.com/advisory/FG-IR-19-140\"}]}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T20:01:50.783Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://fortiguard.com/advisory/FG-IR-19-140\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-5594\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-23T13:59:48.118067Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-23T14:01:02.616Z\"}}]}",
      "cveMetadata": "{\"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"assignerShortName\": \"fortinet\", \"cveId\": \"CVE-2019-5594\", \"datePublished\": \"2019-08-23T20:10:54\", \"dateReserved\": \"2019-01-07T00:00:00\", \"dateUpdated\": \"2024-10-25T14:05:42.451Z\", \"state\": \"PUBLISHED\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

var-201908-0099

Vulnerability from variot

An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. Fortinet FortiNAC Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. The admin webUI in Fortinet FortiNAC version 8.3.0 to 8.3.6 and 8.5.0 has a cross-site scripting vulnerability. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Fortinet FortiNAC 8.3.0 through 8.3.6 and 8.5.0 are vulnerable

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0099",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortinac",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "fortinet",
        "version": "8.5.0"
      },
      {
        "model": "fortinac",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "8.3.6"
      },
      {
        "model": "fortinac",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "8.3.0"
      },
      {
        "model": "fortinac",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "8.3.0 to  8.3.6"
      },
      {
        "model": "fortinac",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "fortinet",
        "version": "8.3.0,\u003c=8.3.6"
      },
      {
        "model": "fortinac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "8.5"
      },
      {
        "model": "fortinac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "8.3.6"
      },
      {
        "model": "fortinac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "8.3.4"
      },
      {
        "model": "fortinac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "8.3.3"
      },
      {
        "model": "fortinac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "8.3.2"
      },
      {
        "model": "fortinac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "8.3.1"
      },
      {
        "model": "fortinac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "8.3"
      },
      {
        "model": "fortinac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "8.5.1"
      },
      {
        "model": "fortinac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "8.3.7"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22380"
      },
      {
        "db": "BID",
        "id": "109302"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008217"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5594"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:fortinet:fortinac",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008217"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Johnatan Camargo from PBI | Dynamic IT Security.",
    "sources": [
      {
        "db": "BID",
        "id": "109302"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-985"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2019-5594",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-5594",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2020-22380",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-157029",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-5594",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-5594",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-5594",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-22380",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-985",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-157029",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22380"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157029"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008217"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-985"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5594"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. Fortinet FortiNAC Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. \nThe admin webUI in Fortinet FortiNAC version 8.3.0 to 8.3.6 and 8.5.0 has a cross-site scripting vulnerability. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nFortinet FortiNAC 8.3.0 through 8.3.6 and 8.5.0 are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-5594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008217"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-22380"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-985"
      },
      {
        "db": "BID",
        "id": "109302"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157029"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-5594",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "109302",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008217",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-985",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-22380",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2651",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-157029",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22380"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157029"
      },
      {
        "db": "BID",
        "id": "109302"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008217"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-985"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5594"
      }
    ]
  },
  "id": "VAR-201908-0099",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22380"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157029"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22380"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:21:33.758000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-19-140",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/FG-IR-19-140"
      },
      {
        "title": "Patch for Fortinet FortiNAC cross-site scripting vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/213611"
      },
      {
        "title": "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95287"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22380"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008217"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-985"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157029"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008217"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5594"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5594"
      },
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-19-140"
      },
      {
        "trust": 0.9,
        "url": "http://www.fortinet.com/"
      },
      {
        "trust": 0.9,
        "url": "https://fortiguard.com/psirt/fg-ir-19-140"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5594"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2651/"
      },
      {
        "trust": 0.6,
        "url": "https://www.securityfocus.com/bid/109302"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22380"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157029"
      },
      {
        "db": "BID",
        "id": "109302"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008217"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-985"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5594"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22380"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157029"
      },
      {
        "db": "BID",
        "id": "109302"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008217"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-985"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5594"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-22380"
      },
      {
        "date": "2019-08-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157029"
      },
      {
        "date": "2019-07-16T00:00:00",
        "db": "BID",
        "id": "109302"
      },
      {
        "date": "2019-08-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008217"
      },
      {
        "date": "2019-07-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-985"
      },
      {
        "date": "2019-08-23T21:15:12.130000",
        "db": "NVD",
        "id": "CVE-2019-5594"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-22380"
      },
      {
        "date": "2019-08-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157029"
      },
      {
        "date": "2019-07-16T00:00:00",
        "db": "BID",
        "id": "109302"
      },
      {
        "date": "2019-08-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008217"
      },
      {
        "date": "2019-08-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-985"
      },
      {
        "date": "2024-11-21T04:45:11.907000",
        "db": "NVD",
        "id": "CVE-2019-5594"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-985"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiNAC cross-site scripting vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22380"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-985"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-985"
      }
    ],
    "trust": 0.6
  }
}

ghsa-q52x-xpc3-85cg

Vulnerability from github

Published

2022-05-24 16:54

Modified

2024-04-04 01:47

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-5594"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-23T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.",
  "id": "GHSA-q52x-xpc3-85cg",
  "modified": "2024-04-04T01:47:10Z",
  "published": "2022-05-24T16:54:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5594"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/advisory/FG-IR-19-140"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2019-5594

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-5594

Aliases

CVE-2019-5594

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-5594",
    "description": "An Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.",
    "id": "GSD-2019-5594"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-5594"
      ],
      "details": "An Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.",
      "id": "GSD-2019-5594",
      "modified": "2023-12-13T01:23:55.592048Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@fortinet.com",
        "ID": "CVE-2019-5594",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Fortinet FortiNAC",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "FortiNAC 8.3.0 to 8.3.6 and 8.5.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Execute unauthorized code or commands"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://fortiguard.com/advisory/FG-IR-19-140",
            "refsource": "CONFIRM",
            "url": "https://fortiguard.com/advisory/FG-IR-19-140"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.3.6",
                "versionStartIncluding": "8.3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2019-5594"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-19-140",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-19-140"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2019-08-26T14:12Z",
      "publishedDate": "2019-08-23T21:15Z"
    }
  }
}

CERTFR-2019-AVI-338

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Fortinet FortiNAC. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Fortinet	FortiNAC	FortiNAC versions 8.5.x antérieures à 8.5.1
	Fortinet	FortiNAC	FortiNAC versions antérieures à 8.3.7

References

Title

Publication Time

fkie_cve-2019-5594

Vulnerability from fkie_nvd

Published

2019-08-23 21:15

Modified

2024-11-21 04:45

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

	URL	Tags
	psirt@fortinet.com	https://fortiguard.com/advisory/FG-IR-19-140	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/advisory/FG-IR-19-140	Vendor Advisory

Impacted products

	Vendor	Product	Version
	fortinet	fortinac	*
	fortinet	fortinac	8.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3925F5-BA4F-406D-A38F-3EFC8D0083BE",
              "versionEndIncluding": "8.3.6",
              "versionStartIncluding": "8.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortinac:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E16B46B-FA2D-4208-9DBC-AD0DF3344DE1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI."
    },
    {
      "lang": "es",
      "value": "Una neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (\"Cross-site Scripting\") en Fortinet FortiNAC 8.3.0 a 8.3.6 y 8.5.0 admin webUI puede permitir que un atacante no autenticado realice un ataque XSS reflejado a trav\u00e9s del campo de b\u00fasqueda en el webUI."
    }
  ],
  "id": "CVE-2019-5594",
  "lastModified": "2024-11-21T04:45:11.907",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-23T21:15:12.130",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-19-140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-19-140"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2020-22380

Vulnerability from cnvd

Title

Fortinet FortiNAC跨站脚本漏洞

Description

Fortinet FortiNAC是美国飞塔（Fortinet）公司的一套网络访问控制解决方案。该产品主要用于网络访问控制和物联网安全防护。 Fortinet FortiNAC存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。

Severity

中

Patch Name

Fortinet FortiNAC跨站脚本漏洞的补丁

Patch Description

Fortinet FortiNAC是美国飞塔（Fortinet）公司的一套网络访问控制解决方案。该产品主要用于网络访问控制和物联网安全防护。 Fortinet FortiNAC存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://fortiguard.com/psirt/FG-IR-19-140

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-5594

Impacted products

Name
['Fortinet FortiNAC >=8.3.0，<=8.3.6', 'Fortinet FortiNAC 8.5.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-5594",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-5594"
    }
  },
  "description": "Fortinet FortiNAC\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u5957\u7f51\u7edc\u8bbf\u95ee\u63a7\u5236\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u7528\u4e8e\u7f51\u7edc\u8bbf\u95ee\u63a7\u5236\u548c\u7269\u8054\u7f51\u5b89\u5168\u9632\u62a4\u3002\n\nFortinet FortiNAC\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u7f3a\u5c11\u5bf9\u5ba2\u6237\u7aef\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5ba2\u6237\u7aef\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://fortiguard.com/psirt/FG-IR-19-140",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-22380",
  "openTime": "2020-04-12",
  "patchDescription": "Fortinet FortiNAC\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u5957\u7f51\u7edc\u8bbf\u95ee\u63a7\u5236\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u7528\u4e8e\u7f51\u7edc\u8bbf\u95ee\u63a7\u5236\u548c\u7269\u8054\u7f51\u5b89\u5168\u9632\u62a4\u3002\r\n\r\nFortinet FortiNAC\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u7f3a\u5c11\u5bf9\u5ba2\u6237\u7aef\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5ba2\u6237\u7aef\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fortinet FortiNAC\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Fortinet FortiNAC \u003e=8.3.0\uff0c\u003c=8.3.6",
      "Fortinet FortiNAC 8.5.0"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-5594",
  "serverity": "\u4e2d",
  "submitTime": "2019-08-26",
  "title": "Fortinet FortiNAC\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-5594 (GCVE-0-2019-5594)

Vulnerability from cvelistv5

var-201908-0099

Vulnerability from variot

ghsa-q52x-xpc3-85cg

Vulnerability from github

gsd-2019-5594

Vulnerability from gsd

CERTFR-2019-AVI-338

Vulnerability from certfr_avis

Solution

fkie_cve-2019-5594

Vulnerability from fkie_nvd

cnvd-2020-22380

Vulnerability from cnvd

Tags

Sightings

Nomenclature