var-201711-0048
Vulnerability from variot
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under the SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. A URL redirection attack may also be feasible by injecting an external URL via the affected parameter. Fortinet FortiOS contains a cross-site scripting vulnerability; information may be obtained and information may be altered. Fortinet FortiOS is prone to a URI-redirection vulnerability and a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible. Fortinet FortiOS 5.0 and prior, 5.2.0 through 5.2.12, 5.4.0 through 5.4.6 and 5.6.0 through 5.6.2 are vulnerable. Fortinet FortiOS is the security operating system developed by Fortinet for its FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, web content filtering and anti-spam. The SSL-VPN portal is one of the VPN management interfaces. The vulnerability stems from the lack of correct validation of client-supplied data in the web application. An attacker could exploit this vulnerability to execute client-side code. The following products and versions are affected: Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.6, 5.2.0 to 5.2.12, 5.0 and earlier.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0048", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortios", "scope": "lte", "trust": 1.8, "vendor": "fortinet", "version": "5.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.2.12" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", 
"version": "5.6.0" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.6.2" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.4.6" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.4.0" }, { "model": "fortios", "scope": "gt", "trust": 1.0, "vendor": "fortinet", "version": "5.2.0" }, { "model": "fortios", "scope": "eq", "trust": 0.9, "vendor": "fortinet", "version": "5.4.3" }, { "model": "fortios", "scope": "eq", "trust": 0.9, "vendor": "fortinet", "version": "5.2.8" }, { "model": "fortios", "scope": "eq", "trust": 0.9, "vendor": "fortinet", "version": "5.2.6" }, { "model": "fortios", "scope": "eq", "trust": 0.9, "vendor": "fortinet", "version": "5.2.5" }, { "model": "fortios", "scope": "eq", "trust": 0.9, "vendor": "fortinet", "version": "5.2.4" }, { "model": "fortios", "scope": "eq", "trust": 0.9, "vendor": "fortinet", "version": "5.2.3" }, { "model": "fortios", "scope": "eq", "trust": 0.9, "vendor": "fortinet", "version": "5.2.2" }, { "model": "fortios", "scope": "eq", "trust": 0.9, "vendor": "fortinet", "version": "5.4.0" }, { "model": "fortios", "scope": "eq", "trust": 0.9, "vendor": "fortinet", "version": "5.2.9" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "fortinet", "version": "5.2.0 to 5.2.12" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "fortinet", "version": "5.4.0 to 5.4.6" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "fortinet", "version": "5.6.0 to 5.6.2" }, { "model": "fortios", "scope": "eq", "trust": 0.6, "vendor": "fortinet", "version": "5.2.7" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.6" }, { "model": "fortios", "scope": "eq", "trust": 
0.3, "vendor": "fortinet", "version": "5.4.5" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.12" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.11" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.10" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0" } ], "sources": [ { "db": "BID", "id": "101955" }, { "db": "JVNDB", "id": "JVNDB-2017-011129" }, { "db": "CNNVD", "id": "CNNVD-201709-357" }, { "db": "NVD", "id": "CVE-2017-14186" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:fortinet:fortios", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011129" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stefan Viehbck from SEC Consult Vulnerability Lab", "sources": [ { "db": "BID", "id": "101955" } ], "trust": 0.3 }, "cve": "CVE-2017-14186", "cvss": { 
"@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "CVE-2017-14186", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "VHN-104883", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.3, "id": "CVE-2017-14186", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-14186", 
"trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2017-14186", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201709-357", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-104883", "trust": 0.1, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2017-14186", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-104883" }, { "db": "VULMON", "id": "CVE-2017-14186" }, { "db": "JVNDB", "id": "JVNDB-2017-011129" }, { "db": "CNNVD", "id": "CNNVD-201709-357" }, { "db": "NVD", "id": "CVE-2017-14186" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim\u0027s browser via the login redir parameter. An URL Redirection attack may also be feasible by injecting an external URL via the affected parameter. Fortinet FortiOS Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiOS is prone to a URI-redirection vulnerability and a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. \nAttackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible. \nFortinet FortiOS 5.0 and prior, 5.2.0 through 5.2.12, 5.4.0 through 5.4.6 and 5.6.0 through 5.6.2 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. 
The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. SSL-VPN portal is one of the VPN management interfaces. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. The following products and versions are affected: Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.6, 5.2.0 to 5.2.12, 5.0 and earlier", "sources": [ { "db": "NVD", "id": "CVE-2017-14186" }, { "db": "JVNDB", "id": "JVNDB-2017-011129" }, { "db": "BID", "id": "101955" }, { "db": "VULHUB", "id": "VHN-104883" }, { "db": "VULMON", "id": "CVE-2017-14186" } ], "trust": 2.07 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-104883", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-104883" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-14186", "trust": 2.9 }, { "db": "BID", "id": "101955", "trust": 2.1 }, { "db": "SECTRACK", "id": "1039891", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2017-011129", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201709-357", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.1891.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.1891", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "145196", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-104883", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2017-14186", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-104883" }, { "db": 
"VULMON", "id": "CVE-2017-14186" }, { "db": "BID", "id": "101955" }, { "db": "JVNDB", "id": "JVNDB-2017-011129" }, { "db": "CNNVD", "id": "CNNVD-201709-357" }, { "db": "NVD", "id": "CVE-2017-14186" } ] }, "id": "VAR-201711-0048", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-104883" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:42:02.584000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-17-242", "trust": 0.8, "url": "https://fortiguard.com/psirt/FG-IR-17-242" }, { "title": "Fortinet FortiOS SSL-VPN Fixes for portal cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92981" }, { "title": "Kenzer Templates [5170] [DEPRECATED]", "trust": 0.1, "url": "https://github.com/ARPSyndicate/kenzer-templates " } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-14186" }, { "db": "JVNDB", "id": "JVNDB-2017-011129" }, { "db": "CNNVD", "id": "CNNVD-201709-357" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-104883" }, { "db": "JVNDB", "id": "JVNDB-2017-011129" }, { "db": "NVD", "id": "CVE-2017-14186" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": 
"http://www.securityfocus.com/bid/101955" }, { "trust": 1.8, "url": "https://fortiguard.com/advisory/fg-ir-17-242" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1039891" }, { "trust": 0.9, "url": "https://fortiguard.com/psirt/fg-ir-17-242" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14186" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14186" }, { "trust": 0.6, "url": "https://fortiguard.com/psirt/fg-ir-18-389" }, { "trust": 0.6, "url": "https://fortiguard.com/psirt/fg-ir-18-384" }, { "trust": 0.6, "url": "https://fortiguard.com/psirt/fg-ir-19-034" }, { "trust": 0.6, "url": "https://fortiguard.com/psirt/fg-ir-18-383" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.1891/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.1891.2/" }, { "trust": 0.3, "url": "https://www.fortinet.com/products/fortigate/fortios.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/79.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://packetstormsecurity.com/files/145196/fortigate-ssl-vpn-portal-5.x-cross-site-scripting.html" }, { "trust": 0.1, "url": "https://github.com/arpsyndicate/kenzer-templates" } ], "sources": [ { "db": "VULHUB", "id": "VHN-104883" }, { "db": "VULMON", "id": "CVE-2017-14186" }, { "db": "BID", "id": "101955" }, { "db": "JVNDB", "id": "JVNDB-2017-011129" }, { "db": "CNNVD", "id": "CNNVD-201709-357" }, { "db": "NVD", "id": "CVE-2017-14186" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-104883" }, { "db": "VULMON", "id": "CVE-2017-14186" }, { "db": "BID", "id": "101955" }, { "db": "JVNDB", "id": "JVNDB-2017-011129" }, { "db": "CNNVD", "id": "CNNVD-201709-357" }, { "db": "NVD", "id": "CVE-2017-14186" } ] }, "sources_release_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-11-29T00:00:00", "db": "VULHUB", "id": "VHN-104883" }, { "date": "2017-11-29T00:00:00", "db": "VULMON", "id": "CVE-2017-14186" }, { "date": "2017-11-23T00:00:00", "db": "BID", "id": "101955" }, { "date": "2018-01-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011129" }, { "date": "2017-09-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201709-357" }, { "date": "2017-11-29T19:29:00.273000", "db": "NVD", "id": "CVE-2017-14186" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-29T00:00:00", "db": "VULHUB", "id": "VHN-104883" }, { "date": "2019-05-29T00:00:00", "db": "VULMON", "id": "CVE-2017-14186" }, { "date": "2017-12-19T22:37:00", "db": "BID", "id": "101955" }, { "date": "2018-01-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011129" }, { "date": "2019-06-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201709-357" }, { "date": "2024-11-21T03:12:19.340000", "db": "NVD", "id": "CVE-2017-14186" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201709-357" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fortinet FortiOS Vulnerable to cross-site scripting", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011129" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201709-357" 
} ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.