var-201908-0099
Vulnerability from variot
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in the admin webUI of Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. Fortinet FortiNAC contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. The admin webUI in Fortinet FortiNAC versions 8.3.0 to 8.3.6 and 8.5.0 has a cross-site scripting vulnerability. The vulnerability stems from the web application's lack of proper validation of client-supplied data. An attacker could use this vulnerability to execute client-side code. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Because the issue is reflected XSS, the attacker needs no account, but a user of the affected site must act on a crafted request; the CVSS v3 vector in the record below accordingly lists user interaction as required. Fortinet FortiNAC 8.3.0 through 8.3.6 and 8.5.0 are vulnerable; the record below lists 8.3.7 and 8.5.1 as not affected and references Fortinet advisory FG-IR-19-140.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0099", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortinac", "scope": "eq", "trust": 2.4, "vendor": "fortinet", "version": "8.5.0" }, { "model": "fortinac", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "8.3.6" }, { "model": "fortinac", "scope": "gte", "trust": 1.0, "vendor": "fortinet", 
"version": "8.3.0" }, { "model": "fortinac", "scope": "eq", "trust": 0.8, "vendor": "fortinet", "version": "8.3.0 to 8.3.6" }, { "model": "fortinac", "scope": "gte", "trust": 0.6, "vendor": "fortinet", "version": "8.3.0,\u003c=8.3.6" }, { "model": "fortinac", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "8.5" }, { "model": "fortinac", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "8.3.6" }, { "model": "fortinac", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "8.3.4" }, { "model": "fortinac", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "8.3.3" }, { "model": "fortinac", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "8.3.2" }, { "model": "fortinac", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "8.3.1" }, { "model": "fortinac", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "8.3" }, { "model": "fortinac", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "8.5.1" }, { "model": "fortinac", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "8.3.7" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-22380" }, { "db": "BID", "id": "109302" }, { "db": "JVNDB", "id": "JVNDB-2019-008217" }, { "db": "NVD", "id": "CVE-2019-5594" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:fortinet:fortinac", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-008217" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Johnatan Camargo from PBI | Dynamic IT Security.", "sources": 
[ { "db": "BID", "id": "109302" }, { "db": "CNNVD", "id": "CNNVD-201907-985" } ], "trust": 0.9 }, "cve": "CVE-2019-5594", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2019-5594", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CNVD-2020-22380", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-157029", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { 
"attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2019-5594", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-5594", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2019-5594", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2020-22380", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201907-985", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-157029", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-22380" }, { "db": "VULHUB", "id": "VHN-157029" }, { "db": "JVNDB", "id": "JVNDB-2019-008217" }, { "db": "CNNVD", "id": "CNNVD-201907-985" }, { "db": "NVD", "id": "CVE-2019-5594" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. Fortinet FortiNAC Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection. \nThe admin webUI in Fortinet FortiNAC version 8.3.0 to 8.3.6 and 8.5.0 has a cross-site scripting vulnerability. 
The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nFortinet FortiNAC 8.3.0 through 8.3.6 and 8.5.0 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2019-5594" }, { "db": "JVNDB", "id": "JVNDB-2019-008217" }, { "db": "CNVD", "id": "CNVD-2020-22380" }, { "db": "CNNVD", "id": "CNNVD-201907-985" }, { "db": "BID", "id": "109302" }, { "db": "VULHUB", "id": "VHN-157029" } ], "trust": 3.06 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-5594", "trust": 3.4 }, { "db": "BID", "id": "109302", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2019-008217", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201907-985", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2020-22380", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.2651", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-157029", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-22380" }, { "db": "VULHUB", "id": "VHN-157029" }, { "db": "BID", "id": "109302" }, { "db": "JVNDB", "id": "JVNDB-2019-008217" }, { "db": "CNNVD", "id": "CNNVD-201907-985" }, { "db": "NVD", "id": "CVE-2019-5594" } ] }, "id": "VAR-201908-0099", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-22380" }, { "db": "VULHUB", "id": "VHN-157029" } ], "trust": 0.06999999999999999 }, 
"iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-22380" } ] }, "last_update_date": "2024-11-23T22:21:33.758000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-19-140", "trust": 0.8, "url": "https://fortiguard.com/psirt/FG-IR-19-140" }, { "title": "Patch for Fortinet FortiNAC cross-site scripting vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/213611" }, { "title": "Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95287" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-22380" }, { "db": "JVNDB", "id": "JVNDB-2019-008217" }, { "db": "CNNVD", "id": "CNNVD-201907-985" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-157029" }, { "db": "JVNDB", "id": "JVNDB-2019-008217" }, { "db": "NVD", "id": "CVE-2019-5594" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5594" }, { "trust": 1.7, "url": "https://fortiguard.com/advisory/fg-ir-19-140" }, { "trust": 0.9, 
"url": "http://www.fortinet.com/" }, { "trust": 0.9, "url": "https://fortiguard.com/psirt/fg-ir-19-140" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5594" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2651/" }, { "trust": 0.6, "url": "https://www.securityfocus.com/bid/109302" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-22380" }, { "db": "VULHUB", "id": "VHN-157029" }, { "db": "BID", "id": "109302" }, { "db": "JVNDB", "id": "JVNDB-2019-008217" }, { "db": "CNNVD", "id": "CNNVD-201907-985" }, { "db": "NVD", "id": "CVE-2019-5594" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-22380" }, { "db": "VULHUB", "id": "VHN-157029" }, { "db": "BID", "id": "109302" }, { "db": "JVNDB", "id": "JVNDB-2019-008217" }, { "db": "CNNVD", "id": "CNNVD-201907-985" }, { "db": "NVD", "id": "CVE-2019-5594" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-04-12T00:00:00", "db": "CNVD", "id": "CNVD-2020-22380" }, { "date": "2019-08-23T00:00:00", "db": "VULHUB", "id": "VHN-157029" }, { "date": "2019-07-16T00:00:00", "db": "BID", "id": "109302" }, { "date": "2019-08-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-008217" }, { "date": "2019-07-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201907-985" }, { "date": "2019-08-23T21:15:12.130000", "db": "NVD", "id": "CVE-2019-5594" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-04-12T00:00:00", "db": "CNVD", "id": "CNVD-2020-22380" }, { "date": "2019-08-26T00:00:00", "db": "VULHUB", "id": "VHN-157029" }, { "date": "2019-07-16T00:00:00", "db": "BID", "id": "109302" }, { "date": "2019-08-28T00:00:00", "db": "JVNDB", "id": 
"JVNDB-2019-008217" }, { "date": "2019-08-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201907-985" }, { "date": "2024-11-21T04:45:11.907000", "db": "NVD", "id": "CVE-2019-5594" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201907-985" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fortinet FortiNAC cross-site scripting vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2020-22380" }, { "db": "CNNVD", "id": "CNNVD-201907-985" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201907-985" } ], "trust": 0.6 } }
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.