Search criteria
24 vulnerabilities found for FortiAP-W2 by Fortinet
CERTFR-2025-AVI-0031
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiTester | FortiTester versions antérieures à 7.2.1 | ||
| Fortinet | FortiNDR | FortiNDR versions antérieures à 7.2.2 | ||
| Fortinet | FortiRecorder | FortiRecorder versions antérieures à 7.0.5 | ||
| Fortinet | FortiMail | FortiMail versions 6.4x antérieures à 6.4.8 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.6.1 pour la vulnérabilité CVE-2024-52963 | ||
| Fortinet | FortiVoice | FortiVoice versions antérieures à 6.4.10 | ||
| Fortinet | FortiSOAR | Connecteur IMAP pour FortiSOAR versions antérieures à 3.5.8 | ||
| Fortinet | FortiClient | FortiClientEMS Cloud versions antérieures à 7.2.5 | ||
| Fortinet | FortiClient | FortiClientEMS versions antérieures à 7.2.5 | ||
| Fortinet | FortiClient | FortiClientWindows versions antérieures à 7.4.1 | ||
| Fortinet | FortiSwitch | FortiSwitch versions antérieures à 6.2.8 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions 7.2.x postérieures à 7.2.1 et antérieures à 7.2.7 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions 7.4.x postérieures à 7.4.1 et antérieures à 7.4.4 | ||
| Fortinet | FortiDeceptor | FortiDeceptor versions antérieures à 6.0.1 | ||
| Fortinet | FortiManager | FortiManager Cloud versions antérieures à 7.0.13 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.0.16 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions antérieures à 7.0.12 | ||
| Fortinet | FortiAP-W2 | FortiAP-W2 versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiAP-W2 | FortiAP-W2 versions antérieures à 7.2.4 | ||
| Fortinet | FortiDDoS | FortiDDoS versions antérieures à 5.5.1 | ||
| Fortinet | FortiManager | FortiManager versions 6.2.x antérieures à 6.2.12 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiDDoS-F | FortiDDoS-F versions antérieures à 6.3.3 | ||
| Fortinet | FortiVoiceEnterprise | FortiVoiceEnterprise versions antérieures à 6.0.10 | ||
| Fortinet | FortiVoiceEnterprise | FortiVoiceEnterprise versions 6.4.x antérieures à 6.4.4 | ||
| Fortinet | FortiWLC | FortiWLC versions 8.6.x antérieures à 8.6.6 | ||
| Fortinet | FortiADC | FortiADC versions 6.2.x antérieures à 6.2.4 | ||
| Fortinet | FortiSOAR | FortiSOAR versions 7.3.x antérieures à 7.3.3 | ||
| Fortinet | FortiClient | FortiClientMac versions antérieures à 7.4.0 | ||
| Fortinet | FortiClient | FortiClientLinux versions antérieures à 7.4.0 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiClient | FortiClientEMS versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiManager | FortiManager versions 6.4.x antérieures à 6.4.15 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.0.x antérieures à 7.0.8 | ||
| Fortinet | FortiClient | FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiClient | FortiClientLinux versions antérieures à 7.2.5 | ||
| Fortinet | FortiMail | FortiMail versions 7.0.x antérieures à 7.0.7 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.4 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiClient | FortiClientMac versions antérieures à 7.2.5 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.0.x antérieures à 7.0.9 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.12 | ||
| Fortinet | FortiSOAR | FortiSOAR versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.4.x antérieures à 6.4.15 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 6.4.x antérieures à 6.4.14 | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.7 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiSOAR | FortiSOAR versions antérieures à 7.2.2 Security Patch 9 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.19 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.13 | ||
| Fortinet | FortiPortal | FortiPortal versions 6.0.x antérieures à 6.0.15 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.10 | ||
| Fortinet | FortiProxy | FortiProxy versions 2.0.x antérieures à 2.0.15 | ||
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.0.x antérieures à 7.0.13 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiSOAR | FortiSOAR versions 7.5.x antérieures à 7.5.1 | ||
| Fortinet | FortiAP | FortiAP versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiAP-S | FortiAP-S versions antérieures à 6.4.10 | ||
| Fortinet | FortiAP | FortiAP versions antérieures à 7.2.4 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.4.x antérieures à 4.4.5 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.2.x antérieures à 4.2.7 | ||
| Fortinet | FortiSandbox | FortiSandbox versions antérieures à 4.0.5 | ||
| Fortinet | FortiAuthenticator | FortiAuthenticator versions antérieures à 6.3.3 | ||
| Fortinet | FortiAuthenticator | FortiAuthenticator versions 6.4.x antérieures à 6.4.1 | ||
| Fortinet | FortiSIEM | FortiSIEM versions antérieures à 7.1.6 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.6 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiTester versions ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiTester",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 6.4x ant\u00e9rieures \u00e0 6.4.8",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.6.1 pour la vuln\u00e9rabilit\u00e9 CVE-2024-52963",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "Connecteur IMAP pour FortiSOAR versions ant\u00e9rieures \u00e0 3.5.8",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS Cloud versions ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions ant\u00e9rieures \u00e0 6.2.8",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions 7.2.x post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions 7.4.x post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDeceptor versions ant\u00e9rieures \u00e0 6.0.1",
"product": {
"name": "FortiDeceptor",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.0.12",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP-W2 versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiAP-W2",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP-W2 versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiAP-W2",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDoS versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 6.2.x ant\u00e9rieures \u00e0 6.2.12",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDoS-F versions ant\u00e9rieures \u00e0 6.3.3",
"product": {
"name": "FortiDDoS-F",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoiceEnterprise versions ant\u00e9rieures \u00e0 6.0.10",
"product": {
"name": "FortiVoiceEnterprise",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoiceEnterprise versions 6.4.x ant\u00e9rieures \u00e0 6.4.4",
"product": {
"name": "FortiVoiceEnterprise",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWLC versions 8.6.x ant\u00e9rieures \u00e0 8.6.6",
"product": {
"name": "FortiWLC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 6.2.x ant\u00e9rieures \u00e0 6.2.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions 7.3.x ant\u00e9rieures \u00e0 7.3.3",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.4.0",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.4.0",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.14",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.2.2 Security Patch 9",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.19",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 6.0.x ant\u00e9rieures \u00e0 6.0.15",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.15",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions 7.5.x ant\u00e9rieures \u00e0 7.5.1",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiAP",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP-S versions ant\u00e9rieures \u00e0 6.4.10",
"product": {
"name": "FortiAP-S",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiAP",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.7",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.0.5",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.3.3",
"product": {
"name": "FortiAuthenticator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions 6.4.x ant\u00e9rieures \u00e0 6.4.1",
"product": {
"name": "FortiAuthenticator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.1.6",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-45326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45326"
},
{
"name": "CVE-2023-37931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37931"
},
{
"name": "CVE-2024-32115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32115"
},
{
"name": "CVE-2023-42786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42786"
},
{
"name": "CVE-2024-35280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35280"
},
{
"name": "CVE-2024-35273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35273"
},
{
"name": "CVE-2024-48884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48884"
},
{
"name": "CVE-2024-46666",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46666"
},
{
"name": "CVE-2022-23439",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23439"
},
{
"name": "CVE-2024-47571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47571"
},
{
"name": "CVE-2024-35275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35275"
},
{
"name": "CVE-2024-47573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47573"
},
{
"name": "CVE-2024-52963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52963"
},
{
"name": "CVE-2023-37937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37937"
},
{
"name": "CVE-2024-33503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33503"
},
{
"name": "CVE-2024-55593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55593"
},
{
"name": "CVE-2024-48885",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48885"
},
{
"name": "CVE-2024-46662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46662"
},
{
"name": "CVE-2024-27778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27778"
},
{
"name": "CVE-2024-48893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48893"
},
{
"name": "CVE-2024-47566",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47566"
},
{
"name": "CVE-2024-52969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52969"
},
{
"name": "CVE-2024-35276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35276"
},
{
"name": "CVE-2024-40587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40587"
},
{
"name": "CVE-2024-36512",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36512"
},
{
"name": "CVE-2023-46715",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46715"
},
{
"name": "CVE-2024-36510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36510"
},
{
"name": "CVE-2024-56497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56497"
},
{
"name": "CVE-2024-46665",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46665"
},
{
"name": "CVE-2024-48890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48890"
},
{
"name": "CVE-2024-21758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21758"
},
{
"name": "CVE-2024-52967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52967"
},
{
"name": "CVE-2023-37936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37936"
},
{
"name": "CVE-2024-46668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46668"
},
{
"name": "CVE-2024-35278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35278"
},
{
"name": "CVE-2024-26012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26012"
},
{
"name": "CVE-2024-46664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46664"
},
{
"name": "CVE-2024-23106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23106"
},
{
"name": "CVE-2024-54021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54021"
},
{
"name": "CVE-2024-46669",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46669"
},
{
"name": "CVE-2023-5217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5217"
},
{
"name": "CVE-2023-42785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42785"
},
{
"name": "CVE-2024-36504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36504"
},
{
"name": "CVE-2024-35277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35277"
},
{
"name": "CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"name": "CVE-2024-48886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48886"
},
{
"name": "CVE-2024-50564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50564"
},
{
"name": "CVE-2024-33502",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33502"
},
{
"name": "CVE-2024-45331",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45331"
},
{
"name": "CVE-2024-50563",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50563"
},
{
"name": "CVE-2024-36506",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36506"
},
{
"name": "CVE-2024-46667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46667"
},
{
"name": "CVE-2024-46670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46670"
},
{
"name": "CVE-2024-47572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47572"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0031",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-258",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-258"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-458",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-458"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-061",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-061"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-405",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-405"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-285",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-285"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-165",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-165"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-494",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-494"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-220",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-220"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-221",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-221"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-078",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-078"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-282",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-282"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-373",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-373"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-106",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-106"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-250",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-250"
},
{
"published_at": "2025-01-15",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-189",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-189"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-401",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-401"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-239",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-239"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-097",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-097"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-260",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-260"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-170",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-170"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-259",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-259"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-143",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-143"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-476",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-476"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-415",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-415"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-461",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-461"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-266",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-266"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-407",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-407"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-086",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-086"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-465",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-465"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-222",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-222"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-219",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-219"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-210",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-210"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-211",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-211"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-267",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-267"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-010",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-010"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-473",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-473"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-216",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-216"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-326",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-326"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-135",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-135"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-152",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-152"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-304",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-304"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-164",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-164"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-310",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-310"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-405",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-405"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-127",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-127"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-381",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-381"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-091",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-091"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-417",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-417"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-293",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-293"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-071",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-071"
}
]
}
FKIE_CVE-2024-26012
Vulnerability from fkie_nvd - Published: 2025-01-14 14:15 - Updated: 2025-01-31 17:25
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allow a local authenticated attacker to execute unauthorized code via the CLI.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-23-405 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortiap | * | |
| fortinet | fortiap | * | |
| fortinet | fortiap-s | * | |
| fortinet | fortiap-w2 | * | |
| fortinet | fortiap-w2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2447B21-5F51-4AB1-BE8A-3B7A982F0595",
"versionEndExcluding": "7.2.4",
"versionStartIncluding": "6.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF362E9-2991-4237-ABC3-4AFE64456118",
"versionEndExcluding": "7.4.3",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-s:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C00C0CE7-F554-4AF0-AA5F-784A3B910401",
"versionEndExcluding": "6.4.10",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C5655C-992C-40DA-8EC3-EC9D1F202B30",
"versionEndExcluding": "7.2.4",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6521DC83-31B5-4CEF-989B-2D86979140C2",
"versionEndExcluding": "7.4.3",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allow a local authenticated attacker to execute unauthorized code via the CLI."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del sistema operativo (\u0027inyecci\u00f3n de comando del sistema operativo\u0027) en Fortinet FortiAP-S 6.2 todas las versiones y 6.4.0 a 6.4.9, FortiAP-W2 6.4 todas las versiones, 7.0 todas las versiones, 7.2.0 a 7.2.3 y 7.4.0 a 7.4.2, FortiAP 6.4 todas las versiones, 7.0 todas las versiones, 7.2.0 a 7.2.3 y 7.4.0 a 7.4.2 permite que un atacante autenticado local ejecute c\u00f3digo no autorizado a trav\u00e9s de la CLI."
}
],
"id": "CVE-2024-26012",
"lastModified": "2025-01-31T17:25:06.157",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-14T14:15:28.893",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-405"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-25608
Vulnerability from fkie_nvd - Published: 2023-09-13 13:15 - Updated: 2024-11-21 07:49
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-22-120 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-22-120 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5BE67AF-5DC9-4942-832F-03BEC88CD2B9",
"versionEndExcluding": "7.0.6",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41C213D0-356F-425E-A124-5B72A3AEE54D",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-c:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E770699-3997-4E61-A4AD-68D102FCA4B3",
"versionEndExcluding": "5.4.5",
"versionStartIncluding": "5.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D44BE0A-B671-454C-8B6A-56AA4BA70E60",
"versionEndExcluding": "6.2.6",
"versionStartIncluding": "5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-u:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "743763F2-D4DE-4E9D-B112-7CA27C61A423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87E0B46B-B76D-4D27-AD6F-E929E362B6E1",
"versionEndIncluding": "7.0.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B602BCD9-47CF-443C-A759-0B8379777768",
"versionEndExcluding": "7.0.6",
"versionStartIncluding": "7.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D26699-16AD-4752-A088-72CF117C98D0",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments."
},
{
"lang": "es",
"value": "Una vulnerabilidad de filtrado incompleto de una o m\u00e1s instancias de elementos especiales [CWE-792] en el int\u00e9rprete de l\u00ednea de comando de FortiAP-W2 7.2.0 a 7.2.1, 7.0.3 a 7.0.5, 7.0.0 a 7.0.1, 6.4 todas las versiones, 6.2 todas las versiones, 6.0 todas las versiones; FortiAP-C 5.4.0 a 5.4.4, 5.2 todas las versiones; FortiAP 7.2.0 a 7.2.1, 7.0.0 a 7.0.5, 6.4 todas las versiones, 6.0 todas las versiones; FortiAP-U 7.0.0, 6.2.0 a 6.2.5, 6.0 todas las versiones, 5.4 todas las versiones puede permitir que un atacante autenticado lea archivos arbitrarios mediante argumentos de comando especialmente manipulados."
}
],
"id": "CVE-2023-25608",
"lastModified": "2024-11-21T07:49:49.420",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-13T13:15:08.040",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-120"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-792"
}
],
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-29058
Vulnerability from fkie_nvd - Published: 2022-09-06 18:15 - Updated: 2024-11-21 06:58
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-21-163 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-21-163 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortiap | * | |
| fortinet | fortiap | * | |
| fortinet | fortiap | * | |
| fortinet | fortiap | 7.2.0 | |
| fortinet | fortiap-s | * | |
| fortinet | fortiap-s | * | |
| fortinet | fortiap-s | * | |
| fortinet | fortiap-u | * | |
| fortinet | fortiap-u | * | |
| fortinet | fortiap-u | * | |
| fortinet | fortiap-w2 | * | |
| fortinet | fortiap-w2 | * | |
| fortinet | fortiap-w2 | * | |
| fortinet | fortiap-w2 | * | |
| fortinet | fortiap-w2 | 7.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2EBA1B-2FFE-4B09-AF81-570161EB6BF3",
"versionEndIncluding": "6.0.6",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF13641-3F15-4345-B777-932C827B6EBD",
"versionEndExcluding": "6.4.8",
"versionStartIncluding": "6.4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63A8CD15-B81E-4E36-943D-FE2D822C30D5",
"versionEndExcluding": "7.0.4",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DD3A3A70-3B13-40A4-893C-7397BB28F952",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-s:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F80D4C66-4D1B-4759-844F-9BB508E576EB",
"versionEndIncluding": "6.0.6",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-s:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95385DA4-11F6-487E-8D46-9DB888EE85CF",
"versionEndIncluding": "6.2.6",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-s:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDFD96E1-C7EF-4AF1-8E3F-1BB8EA48A401",
"versionEndExcluding": "6.4.8",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BEF86D0-7255-4054-8AA7-4AA411C5FE32",
"versionEndIncluding": "5.4.6",
"versionStartIncluding": "5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*",
"matchCriteriaId": "607B4B16-A019-4DB5-A3D5-845B3C81E2CA",
"versionEndIncluding": "6.0.4",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F681257D-8CBE-4B23-9B38-7491876EB68C",
"versionEndExcluding": "6.2.4",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F71CA9D4-236C-4D96-BBA5-24A880BB347D",
"versionEndIncluding": "6.0.6",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96495773-F770-4F9C-B760-CD03CE1FDC6C",
"versionEndIncluding": "6.2.6",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BA6B411-9438-487B-891E-079C8FB7ECD0",
"versionEndExcluding": "6.4.8",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76F6BD2D-AC3B-4863-A536-D30D87307132",
"versionEndExcluding": "7.0.4",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-w2:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21B77DBC-6B9F-4EF0-847C-D2BDE123DDE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inapropiada de elementos especiales [CWE-89] usados en una vulnerabilidad de comandos del Sistema Operativo [CWE-78] en el int\u00e9rprete de l\u00ednea de comandos de FortiAP versiones 6.0.0 hasta 6.4.7, 7.0.0 hasta 7.0.3, 7.2.0, FortiAP-S versiones 6.0.0 hasta 6.4. 7, FortiAP-W2 versiones 6.0.0 hasta 6.4.7, 7.0.0 hasta 7.0.3, 7.2.0 y FortiAP-U versiones 5.4.0 hasta 6.2.3, pueden permitir a un atacante autenticado ejecutar comandos no autorizados por medio de argumentos espec\u00edficamente dise\u00f1ados para comandos existentes.\n"
}
],
"id": "CVE-2022-29058",
"lastModified": "2024-11-21T06:58:25.527",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-06T18:15:13.053",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-21-163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-21-163"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-26106
Vulnerability from fkie_nvd - Published: 2021-07-09 19:15 - Updated: 2024-11-21 05:55
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/advisory/FG-IR-20-210 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/advisory/FG-IR-20-210 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4983FD48-A409-4A40-B936-73719B526FDC",
"versionEndExcluding": "6.4.6",
"versionStartIncluding": "6.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-s:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58FFD38C-7193-4118-A0CD-B4D79773F764",
"versionEndExcluding": "6.2.6",
"versionStartIncluding": "6.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3835833F-7C94-487C-800B-6E20DF263E79",
"versionEndExcluding": "6.2.6",
"versionStartIncluding": "6.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an OS Command vulnerability in FortiAP\u0027s console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments."
},
{
"lang": "es",
"value": "Una vulnerabilidad neutralizaci\u00f3n inapropiada de los elementos especiales usados en comandos del Sistema Operativo en la consola de FortiAP versiones 6.4.1 hasta 6.4.5 y versiones 6.2.4 hasta 6.2.5, puede permitir a un atacante autenticado ejecutar comandos no autorizados al ejecutar el comando kdbg CLI con argumentos espec\u00edficamente dise\u00f1ados"
}
],
"id": "CVE-2021-26106",
"lastModified": "2024-11-21T05:55:52.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-09T19:15:08.313",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/advisory/FG-IR-20-210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/advisory/FG-IR-20-210"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-17657
Vulnerability from fkie_nvd - Published: 2020-04-07 18:15 - Updated: 2024-11-21 04:32
Severity ?
Summary
An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-19-013 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-19-013 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortianalyzer | * | |
| fortinet | fortiap-s | * | |
| fortinet | fortiap-w2 | * | |
| fortinet | fortimanager | * | |
| fortinet | fortiswitch | * | |
| fortinet | fortiswitch | * | |
| fortinet | fortiswitch | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC118F5-8118-4767-A9FB-CCFBB2DFF3F9",
"versionEndExcluding": "6.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-s:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6E6044-AADA-4674-B9DD-7D39D459BAAA",
"versionEndExcluding": "6.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3BBB116-CC43-4E5D-AAA7-BFBE1BD26886",
"versionEndExcluding": "6.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB9669E6-96CA-4391-8515-2ACB349CF4C2",
"versionEndExcluding": "6.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05F67FC3-A4F2-48E1-BB1F-36D993958DF5",
"versionEndExcluding": "3.6.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "826D813D-CC19-4B72-918E-AFCFA1C0A30E",
"versionEndExcluding": "6.0.6",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D4A4EE4-D0A7-44A9-931B-577ECDAB808B",
"versionEndExcluding": "6.2.2",
"versionStartIncluding": "6.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Consumo No Controlado de Recursos en Fortinet FortiSwitch por debajo de las versiones 3.6.11, 6.0.6 y 6.2.2, FortiAnalyzer por debajo de las versiones 6.2.3, FortiManager por debajo de las funciones 6.2.3 y FortiAP-S/W2 por debajo de las versiones 6.2.2, puede permitir a un atacante causar una denegaci\u00f3n de servicio (DoS) de la Interfaz de Usuario Web Administrativa mediante el manejo de peticiones y respuestas HTTP especialmente dise\u00f1adas en partes lentamente, como es demostrado por los Ataques de DoS de HTTP Lento."
}
],
"id": "CVE-2019-17657",
"lastModified": "2024-11-21T04:32:43.063",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-07T18:15:13.510",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-19-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-19-013"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-15708
Vulnerability from fkie_nvd - Published: 2020-03-15 23:15 - Updated: 2024-11-21 04:29
Severity ?
Summary
A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-19-209 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-19-209 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B49D7931-B85F-43CF-A856-CAC551B94484",
"versionEndIncluding": "6.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-s:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44FA41F6-6B1E-4296-B221-0AA4AACCBE5D",
"versionEndIncluding": "6.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-s:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D024C9D-DB39-408A-B015-3DCC40512C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-s:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8F245-922D-42AE-9DF1-A9292A1D97C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB24E73E-8279-44F3-9DA2-76F5B0E5D7D4",
"versionEndIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8279FB-CB12-4C59-901A-D96CE162E855",
"versionEndIncluding": "6.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-w2:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63F06A65-ADF7-4284-A00C-B5E862441722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiap-w2:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3508FA-E206-4377-AE36-DDD6691EA3A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos de sistema en el FortiAP-S/W2 versiones 6.2.1, 6.2.0, 6.0.5 y por debajo, FortiAP versiones 6.0.5 y por debajo y FortiAP-U versiones por debajo de 6.0.0, bajo la consola de administraci\u00f3n de la CLI puede permitir a administradores no autorizados ejecutar comandos arbitrarios a nivel de sistema por medio de comandos ifconfig especialmente dise\u00f1ados ."
}
],
"id": "CVE-2019-15708",
"lastModified": "2024-11-21T04:29:17.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-15T23:15:11.327",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-19-209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-19-209"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-26012 (GCVE-0-2024-26012)
Vulnerability from cvelistv5 – Published: 2025-01-14 14:09 – Updated: 2025-01-15 14:56
VLAI?
Summary
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allow a local authenticated attacker to execute unauthorized code via the CLI.
Severity ?
CWE
- CWE-78 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiAP-S |
Affected:
6.4.0 , ≤ 6.4.9
(semver)
Affected: 6.2.0 , ≤ 6.2.6 (semver) cpe:2.3:a:fortinet:fortiap-s:6.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.0:*:*:*:*:*:*:* |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T14:56:09.448550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T14:56:20.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortiap-s:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiAP-S",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "6.4.9",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiAP-W2",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiap:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:6.4.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiAP",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.9",
"status": "affected",
"version": "6.4.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allow a local authenticated attacker to execute unauthorized code via the CLI."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:09:54.124Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-405",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-405"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiAP-S version 6.4.10 or above \nPlease upgrade to FortiAP-W2 version 7.4.3 or above \nPlease upgrade to FortiAP-W2 version 7.2.4 or above \nPlease upgrade to FortiAP version 7.4.3 or above \nPlease upgrade to FortiAP version 7.2.4 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-26012",
"datePublished": "2025-01-14T14:09:54.124Z",
"dateReserved": "2024-02-14T09:18:43.246Z",
"dateUpdated": "2025-01-15T14:56:20.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25608 (GCVE-0-2023-25608)
Vulnerability from cvelistv5 – Published: 2023-09-13 12:28 – Updated: 2024-09-24 20:00
VLAI?
Summary
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments.
Severity ?
CWE
- CWE-792 - Information disclosure
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiAP-W2 |
Affected:
7.2.0 , ≤ 7.2.1
(semver)
Affected: 7.0.3 , ≤ 7.0.5 (semver) Affected: 7.0.0 , ≤ 7.0.1 (semver) Affected: 6.4.0 , ≤ 6.4.9 (semver) Affected: 6.2.0 , ≤ 6.2.6 (semver) Affected: 6.0.0 , ≤ 6.0.6 (semver) |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-120",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-120"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25608",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T19:45:36.151614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T20:00:10.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiAP-W2",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.5",
"status": "affected",
"version": "7.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.1",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.9",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.6",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FortiAP-C",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "5.4.4",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.1",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FortiAP",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.9",
"status": "affected",
"version": "6.4.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.6",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FortiAP-U",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.0.0"
},
{
"lessThanOrEqual": "6.2.5",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.4",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.6",
"status": "affected",
"version": "5.4.3",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.4.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FortiAP-S",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "6.4.9",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.6",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-792",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-13T12:28:51.497Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-120",
"url": "https://fortiguard.com/psirt/FG-IR-22-120"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiAP-W2 version 7.2.2 or above Please upgrade to FortiAP-W2 version 7.0.6 or above Please upgrade to FortiAP-C version 5.4.5 or above Please upgrade to FortiAP version 7.2.2 or above Please upgrade to FortiAP version 7.0.6 or above Please upgrade to FortiAP-U version 7.0.1 or above Please upgrade to FortiAP-U version 6.2.6 or above "
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-25608",
"datePublished": "2023-09-13T12:28:51.497Z",
"dateReserved": "2023-02-08T13:42:03.367Z",
"dateUpdated": "2024-09-24T20:00:10.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29058 (GCVE-0-2022-29058)
Vulnerability from cvelistv5 – Published: 2022-09-06 15:10 – Updated: 2024-10-25 13:30
VLAI?
Summary
An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
Severity ?
CWE
- Execute unauthorized code or commands
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | Fortinet FortiAP, FortiAP-S, FortiAP-W2, FortiAP-U |
Affected:
FortiAP-U 5.4.0 through 6.2.3; FortiAP-S 6.0.0 through 6.4.7; FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0; FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:59.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-21-163"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29058",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:12:24.249054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:30:21.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiAP, FortiAP-S, FortiAP-W2, FortiAP-U",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiAP-U 5.4.0 through 6.2.3; FortiAP-S 6.0.0 through 6.4.7; FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0; FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "FUNCTIONAL",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.6,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T15:10:15",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-21-163"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2022-29058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiAP, FortiAP-S, FortiAP-W2, FortiAP-U",
"version": {
"version_data": [
{
"version_value": "FortiAP-U 5.4.0 through 6.2.3; FortiAP-S 6.0.0 through 6.4.7; FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0; FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0."
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-21-163",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-21-163"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-29058",
"datePublished": "2022-09-06T15:10:15",
"dateReserved": "2022-04-11T00:00:00",
"dateUpdated": "2024-10-25T13:30:21.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26106 (GCVE-0-2021-26106)
Vulnerability from cvelistv5 – Published: 2021-07-09 18:26 – Updated: 2024-10-25 13:56
VLAI?
Summary
An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments.
Severity ?
7.8 (High)
CWE
- Execute unauthorized code or commands
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | Fortinet FortiAP-W2, FortiAP-S, FortiAP |
Affected:
FortiAP-W2 6.2.4 through 6.2.5; FortiAP-S 6.2.4 through 6.2.5; FortiAP 6.4.1 through 6.4.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:19.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-20-210"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-26106",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:13:42.961833Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:56:41.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiAP-W2, FortiAP-S, FortiAP",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiAP-W2 6.2.4 through 6.2.5; FortiAP-S 6.2.4 through 6.2.5; FortiAP 6.4.1 through 6.4.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an OS Command vulnerability in FortiAP\u0027s console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-09T18:26:30",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-20-210"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2021-26106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiAP-W2, FortiAP-S, FortiAP",
"version": {
"version_data": [
{
"version_value": "FortiAP-W2 6.2.4 through 6.2.5; FortiAP-S 6.2.4 through 6.2.5; FortiAP 6.4.1 through 6.4.5"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper neutralization of special elements used in an OS Command vulnerability in FortiAP\u0027s console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-20-210",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-20-210"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2021-26106",
"datePublished": "2021-07-09T18:26:30",
"dateReserved": "2021-01-25T00:00:00",
"dateUpdated": "2024-10-25T13:56:41.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17657 (GCVE-0-2019-17657)
Vulnerability from cvelistv5 – Published: 2020-04-07 17:11 – Updated: 2024-10-25 14:25
VLAI?
Summary
An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks.
Severity ?
No CVSS data available.
CWE
- Denial of service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | Fortinet FortiSwitch |
Affected:
below 3.6.11
Affected: 6.0.6 and 6.2.2 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-19-013"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-17657",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:09:50.087531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:25:34.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiSwitch",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "below 3.6.11"
},
{
"status": "affected",
"version": "6.0.6 and 6.2.2"
}
]
},
{
"product": "FortiAnalyzer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "below 6.2.3"
}
]
},
{
"product": "FortiManager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "below 6.2.3"
}
]
},
{
"product": "FortiAP-S/W2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "below 6.2.2"
}
]
}
],
"datePublic": "2020-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-07T17:11:07",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-19-013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2019-17657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiSwitch",
"version": {
"version_data": [
{
"version_value": "below 3.6.11"
},
{
"version_value": "6.0.6 and 6.2.2"
}
]
}
},
{
"product_name": "FortiAnalyzer",
"version": {
"version_data": [
{
"version_value": "below 6.2.3"
}
]
}
},
{
"product_name": "FortiManager",
"version": {
"version_data": [
{
"version_value": "below 6.2.3"
}
]
}
},
{
"product_name": "FortiAP-S/W2",
"version": {
"version_data": [
{
"version_value": "below 6.2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-19-013",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-19-013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2019-17657",
"datePublished": "2020-04-07T17:11:07",
"dateReserved": "2019-10-16T00:00:00",
"dateUpdated": "2024-10-25T14:25:34.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15708 (GCVE-0-2019-15708)
Vulnerability from cvelistv5 – Published: 2020-03-15 22:27 – Updated: 2024-10-25 14:25
VLAI?
Summary
A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.
Severity ?
No CVSS data available.
CWE
- Execute unauthorized code or commands
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Fortinet | Fortinet FortiAP-S/W2 |
Affected:
6.2.1
Affected: 6.2.0 Affected: 6.0.5 and below |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-19-209"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-15708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:03:38.903696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:25:55.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiAP-S/W2",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "6.0.5 and below"
}
]
},
{
"product": "Fortinet FortiAP-U",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "6.0.5 and below"
}
]
},
{
"product": "Fortinet FortiAP",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "below 6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-15T22:27:49",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-19-209"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2019-15708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiAP-S/W2",
"version": {
"version_data": [
{
"version_value": "6.2.1"
},
{
"version_value": "6.2.0"
},
{
"version_value": "6.0.5 and below"
}
]
}
},
{
"product_name": "Fortinet FortiAP-U",
"version": {
"version_data": [
{
"version_value": "6.0.5 and below"
}
]
}
},
{
"product_name": "Fortinet FortiAP",
"version": {
"version_data": [
{
"version_value": "below 6.0.0"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-19-209",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-19-209"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2019-15708",
"datePublished": "2020-03-15T22:27:49",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-10-25T14:25:55.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26012 (GCVE-0-2024-26012)
Vulnerability from nvd – Published: 2025-01-14 14:09 – Updated: 2025-01-15 14:56
VLAI?
Summary
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allow a local authenticated attacker to execute unauthorized code via the CLI.
Severity ?
CWE
- CWE-78 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiAP-S |
Affected:
6.4.0 , ≤ 6.4.9
(semver)
Affected: 6.2.0 , ≤ 6.2.6 (semver) cpe:2.3:a:fortinet:fortiap-s:6.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.0:*:*:*:*:*:*:* |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T14:56:09.448550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T14:56:20.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortiap-s:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap-s:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiAP-S",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "6.4.9",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiAP-W2",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiap:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiap:6.4.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiAP",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.9",
"status": "affected",
"version": "6.4.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allow a local authenticated attacker to execute unauthorized code via the CLI."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:09:54.124Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-405",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-405"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiAP-S version 6.4.10 or above \nPlease upgrade to FortiAP-W2 version 7.4.3 or above \nPlease upgrade to FortiAP-W2 version 7.2.4 or above \nPlease upgrade to FortiAP version 7.4.3 or above \nPlease upgrade to FortiAP version 7.2.4 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-26012",
"datePublished": "2025-01-14T14:09:54.124Z",
"dateReserved": "2024-02-14T09:18:43.246Z",
"dateUpdated": "2025-01-15T14:56:20.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25608 (GCVE-0-2023-25608)
Vulnerability from nvd – Published: 2023-09-13 12:28 – Updated: 2024-09-24 20:00
VLAI?
Summary
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments.
Severity ?
CWE
- CWE-792 - Information disclosure
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiAP-W2 |
Affected:
7.2.0 , ≤ 7.2.1
(semver)
Affected: 7.0.3 , ≤ 7.0.5 (semver) Affected: 7.0.0 , ≤ 7.0.1 (semver) Affected: 6.4.0 , ≤ 6.4.9 (semver) Affected: 6.2.0 , ≤ 6.2.6 (semver) Affected: 6.0.0 , ≤ 6.0.6 (semver) |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-120",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-120"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25608",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T19:45:36.151614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T20:00:10.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiAP-W2",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.5",
"status": "affected",
"version": "7.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.1",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.9",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.6",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FortiAP-C",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "5.4.4",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.1",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FortiAP",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.9",
"status": "affected",
"version": "6.4.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.6",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FortiAP-U",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.0.0"
},
{
"lessThanOrEqual": "6.2.5",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.4",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.6",
"status": "affected",
"version": "5.4.3",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.4.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FortiAP-S",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "6.4.9",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.6",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-792",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-13T12:28:51.497Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-120",
"url": "https://fortiguard.com/psirt/FG-IR-22-120"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiAP-W2 version 7.2.2 or above Please upgrade to FortiAP-W2 version 7.0.6 or above Please upgrade to FortiAP-C version 5.4.5 or above Please upgrade to FortiAP version 7.2.2 or above Please upgrade to FortiAP version 7.0.6 or above Please upgrade to FortiAP-U version 7.0.1 or above Please upgrade to FortiAP-U version 6.2.6 or above "
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-25608",
"datePublished": "2023-09-13T12:28:51.497Z",
"dateReserved": "2023-02-08T13:42:03.367Z",
"dateUpdated": "2024-09-24T20:00:10.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29058 (GCVE-0-2022-29058)
Vulnerability from nvd – Published: 2022-09-06 15:10 – Updated: 2024-10-25 13:30
VLAI?
Summary
An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
Severity ?
CWE
- Execute unauthorized code or commands
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | Fortinet FortiAP, FortiAP-S, FortiAP-W2, FortiAP-U |
Affected:
FortiAP-U 5.4.0 through 6.2.3; FortiAP-S 6.0.0 through 6.4.7; FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0; FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:59.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-21-163"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29058",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:12:24.249054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:30:21.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiAP, FortiAP-S, FortiAP-W2, FortiAP-U",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiAP-U 5.4.0 through 6.2.3; FortiAP-S 6.0.0 through 6.4.7; FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0; FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "FUNCTIONAL",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.6,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T15:10:15",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-21-163"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2022-29058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiAP, FortiAP-S, FortiAP-W2, FortiAP-U",
"version": {
"version_data": [
{
"version_value": "FortiAP-U 5.4.0 through 6.2.3; FortiAP-S 6.0.0 through 6.4.7; FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0; FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0."
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-21-163",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-21-163"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-29058",
"datePublished": "2022-09-06T15:10:15",
"dateReserved": "2022-04-11T00:00:00",
"dateUpdated": "2024-10-25T13:30:21.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26106 (GCVE-0-2021-26106)
Vulnerability from nvd – Published: 2021-07-09 18:26 – Updated: 2024-10-25 13:56
VLAI?
Summary
An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments.
Severity ?
7.8 (High)
CWE
- Execute unauthorized code or commands
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | Fortinet FortiAP-W2, FortiAP-S, FortiAP |
Affected:
FortiAP-W2 6.2.4 through 6.2.5; FortiAP-S 6.2.4 through 6.2.5; FortiAP 6.4.1 through 6.4.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:19.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-20-210"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-26106",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:13:42.961833Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:56:41.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiAP-W2, FortiAP-S, FortiAP",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiAP-W2 6.2.4 through 6.2.5; FortiAP-S 6.2.4 through 6.2.5; FortiAP 6.4.1 through 6.4.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an OS Command vulnerability in FortiAP\u0027s console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-09T18:26:30",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-20-210"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2021-26106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiAP-W2, FortiAP-S, FortiAP",
"version": {
"version_data": [
{
"version_value": "FortiAP-W2 6.2.4 through 6.2.5; FortiAP-S 6.2.4 through 6.2.5; FortiAP 6.4.1 through 6.4.5"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper neutralization of special elements used in an OS Command vulnerability in FortiAP\u0027s console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-20-210",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-20-210"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2021-26106",
"datePublished": "2021-07-09T18:26:30",
"dateReserved": "2021-01-25T00:00:00",
"dateUpdated": "2024-10-25T13:56:41.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17657 (GCVE-0-2019-17657)
Vulnerability from nvd – Published: 2020-04-07 17:11 – Updated: 2024-10-25 14:25
VLAI?
Summary
An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks.
Severity ?
No CVSS data available.
CWE
- Denial of service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | Fortinet FortiSwitch |
Affected:
below 3.6.11
Affected: 6.0.6 and 6.2.2 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-19-013"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-17657",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:09:50.087531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:25:34.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiSwitch",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "below 3.6.11"
},
{
"status": "affected",
"version": "6.0.6 and 6.2.2"
}
]
},
{
"product": "FortiAnalyzer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "below 6.2.3"
}
]
},
{
"product": "FortiManager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "below 6.2.3"
}
]
},
{
"product": "FortiAP-S/W2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "below 6.2.2"
}
]
}
],
"datePublic": "2020-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-07T17:11:07",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-19-013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2019-17657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiSwitch",
"version": {
"version_data": [
{
"version_value": "below 3.6.11"
},
{
"version_value": "6.0.6 and 6.2.2"
}
]
}
},
{
"product_name": "FortiAnalyzer",
"version": {
"version_data": [
{
"version_value": "below 6.2.3"
}
]
}
},
{
"product_name": "FortiManager",
"version": {
"version_data": [
{
"version_value": "below 6.2.3"
}
]
}
},
{
"product_name": "FortiAP-S/W2",
"version": {
"version_data": [
{
"version_value": "below 6.2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-19-013",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-19-013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2019-17657",
"datePublished": "2020-04-07T17:11:07",
"dateReserved": "2019-10-16T00:00:00",
"dateUpdated": "2024-10-25T14:25:34.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15708 (GCVE-0-2019-15708)
Vulnerability from nvd – Published: 2020-03-15 22:27 – Updated: 2024-10-25 14:25
VLAI?
Summary
A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.
Severity ?
No CVSS data available.
CWE
- Execute unauthorized code or commands
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Fortinet | Fortinet FortiAP-S/W2 |
Affected:
6.2.1
Affected: 6.2.0 Affected: 6.0.5 and below |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-19-209"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-15708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:03:38.903696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:25:55.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiAP-S/W2",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "6.0.5 and below"
}
]
},
{
"product": "Fortinet FortiAP-U",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "6.0.5 and below"
}
]
},
{
"product": "Fortinet FortiAP",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "below 6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-15T22:27:49",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-19-209"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2019-15708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiAP-S/W2",
"version": {
"version_data": [
{
"version_value": "6.2.1"
},
{
"version_value": "6.2.0"
},
{
"version_value": "6.0.5 and below"
}
]
}
},
{
"product_name": "Fortinet FortiAP-U",
"version": {
"version_data": [
{
"version_value": "6.0.5 and below"
}
]
}
},
{
"product_name": "Fortinet FortiAP",
"version": {
"version_data": [
{
"version_value": "below 6.0.0"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-19-209",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-19-209"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2019-15708",
"datePublished": "2020-03-15T22:27:49",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-10-25T14:25:55.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202209-0418
Vulnerability from variot - Updated: 2023-12-18 13:55An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. FortiAP , FortiAP-S , FortiAP-U Fortinet products such as SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202209-0418",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortiap-w2",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
},
{
"model": "fortiap",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.8"
},
{
"model": "fortiap-w2",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.0"
},
{
"model": "fortiap-s",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.0"
},
{
"model": "fortiap-u",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.0"
},
{
"model": "fortiap-u",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.4.6"
},
{
"model": "fortiap",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.6"
},
{
"model": "fortiap-u",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.4"
},
{
"model": "fortiap-w2",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.4"
},
{
"model": "fortiap-w2",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.6"
},
{
"model": "fortiap",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.0"
},
{
"model": "fortiap",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
},
{
"model": "fortiap-u",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.4"
},
{
"model": "fortiap-w2",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.0"
},
{
"model": "fortiap",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.4"
},
{
"model": "fortiap-s",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.6"
},
{
"model": "fortiap-w2",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.0"
},
{
"model": "fortiap-s",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.0"
},
{
"model": "fortiap-s",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.0"
},
{
"model": "fortiap-s",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.8"
},
{
"model": "fortiap-s",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.6"
},
{
"model": "fortiap-u",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.0"
},
{
"model": "fortiap-w2",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.0"
},
{
"model": "fortiap-u",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.4.0"
},
{
"model": "fortiap-w2",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.8"
},
{
"model": "fortiap",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.3"
},
{
"model": "fortiap",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.0"
},
{
"model": "fortiap-w2",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.6"
},
{
"model": "fortiap",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "-u 6.2.0 that\u0027s all 6.2.4"
},
{
"model": "fortiap",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "-w2 7.0.0 that\u0027s all 7.0.4"
},
{
"model": "fortiap-w2",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "6.4.0 that\u0027s all 6.4.8"
},
{
"model": "fortiap",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "-w2 6.4.0 that\u0027s all 6.4.8"
},
{
"model": "fortiap",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "-u 5.4.0 to 5.4.6"
},
{
"model": "fortiap-w2",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "7.0.0 that\u0027s all 7.0.4"
},
{
"model": "fortiap",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "7.2.0"
},
{
"model": "fortiap-w2",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "6.0.0 to 6.0.6"
},
{
"model": "fortiap",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "-w2 6.0.0 to 6.0.6"
},
{
"model": "fortiap-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortiap",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "-w2 7.2.0"
},
{
"model": "fortiap-u",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortiap",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "-u 6.0.0 to 6.0.4"
},
{
"model": "fortiap-w2",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "7.2.0"
},
{
"model": "fortiap",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "-s 6.4.0 that\u0027s all 6.4.8"
},
{
"model": "fortiap",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "-w2 6.2.0 to 6.2.6"
},
{
"model": "fortiap",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "6.4.3 that\u0027s all 6.4.8"
},
{
"model": "fortiap",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "-s 6.0.0 to 6.0.6"
},
{
"model": "fortiap",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "-s 6.2.0 to 6.2.6"
},
{
"model": "fortiap",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "7.0.0 that\u0027s all 7.0.4"
},
{
"model": "fortiap-w2",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "6.2.0 to 6.2.6"
},
{
"model": "fortiap",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "6.0.0 to 6.0.6"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019305"
},
{
"db": "NVD",
"id": "CVE-2022-29058"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.4",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.2.4",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.4.6",
"versionStartIncluding": "5.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-w2:7.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0.4",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.4.8",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2.6",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-s:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.4.8",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.6",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-s:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2.6",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-s:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.6",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0.4",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.4.8",
"versionStartIncluding": "6.4.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.6",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-29058"
}
]
},
"cve": "CVE-2022-29058",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-29058",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-29058",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2022-29058",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202209-322",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019305"
},
{
"db": "NVD",
"id": "CVE-2022-29058"
},
{
"db": "NVD",
"id": "CVE-2022-29058"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-322"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. FortiAP , FortiAP-S , FortiAP-U Fortinet products such as SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-29058"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019305"
},
{
"db": "VULHUB",
"id": "VHN-420592"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-29058",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019305",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202209-322",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-420592",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420592"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019305"
},
{
"db": "NVD",
"id": "CVE-2022-29058"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-322"
}
]
},
"id": "VAR-202209-0418",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-420592"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:55:19.107000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-21-163",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/fg-ir-21-163"
},
{
"title": "Multiple Fortinet product SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=207208"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019305"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-322"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.1
},
{
"problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420592"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019305"
},
{
"db": "NVD",
"id": "CVE-2022-29058"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/psirt/fg-ir-21-163"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29058"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-29058/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420592"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019305"
},
{
"db": "NVD",
"id": "CVE-2022-29058"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-322"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-420592"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019305"
},
{
"db": "NVD",
"id": "CVE-2022-29058"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-322"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-06T00:00:00",
"db": "VULHUB",
"id": "VHN-420592"
},
{
"date": "2023-10-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019305"
},
{
"date": "2022-09-06T18:15:13.053000",
"db": "NVD",
"id": "CVE-2022-29058"
},
{
"date": "2022-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-322"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-09T00:00:00",
"db": "VULHUB",
"id": "VHN-420592"
},
{
"date": "2023-10-25T05:28:00",
"db": "JVNDB",
"id": "JVNDB-2022-019305"
},
{
"date": "2022-09-09T15:33:48.237000",
"db": "NVD",
"id": "CVE-2022-29058"
},
{
"date": "2022-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-322"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-322"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "across multiple Fortinet products. \u00a0SQL\u00a0 Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019305"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-322"
}
],
"trust": 0.6
}
}
VAR-202003-0930
Vulnerability from variot - Updated: 2023-12-18 12:43A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands. plural FortiAP The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. An operating system command injection vulnerability exists in Fortinet FortiAP. The following products and versions are affected: FortiAP-S/W2 versions prior to 6.2.2, versions prior to 6.0.6; FortiAP versions prior to 6.0.5; FortiAP-U versions prior to 6.0.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0930",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortiap-s",
"scope": "eq",
"trust": 1.8,
"vendor": "fortinet",
"version": "6.2.0"
},
{
"model": "fortiap-s",
"scope": "eq",
"trust": 1.8,
"vendor": "fortinet",
"version": "6.2.1"
},
{
"model": "fortiap-w2",
"scope": "eq",
"trust": 1.8,
"vendor": "fortinet",
"version": "6.2.0"
},
{
"model": "fortiap-w2",
"scope": "eq",
"trust": 1.8,
"vendor": "fortinet",
"version": "6.2.1"
},
{
"model": "fortiap",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.5"
},
{
"model": "fortiap-u",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.0"
},
{
"model": "fortiap-s",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.5"
},
{
"model": "fortiap-w2",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.5"
},
{
"model": "fortiap",
"scope": "eq",
"trust": 0.8,
"vendor": "fortinet",
"version": "6.0.5"
},
{
"model": "fortiap-s",
"scope": "eq",
"trust": 0.8,
"vendor": "fortinet",
"version": "6.0.5"
},
{
"model": "fortiap-u",
"scope": "eq",
"trust": 0.8,
"vendor": "fortinet",
"version": "6.0.0"
},
{
"model": "fortiap-w2",
"scope": "eq",
"trust": 0.8,
"vendor": "fortinet",
"version": "6.0.5"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015067"
},
{
"db": "NVD",
"id": "CVE-2019-15708"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-s:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-s:6.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-s:6.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-w2:6.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-w2:6.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15708"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NYC Cyber Command",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-600"
}
],
"trust": 0.6
},
"cve": "CVE-2019-15708",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-015067",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-147781",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015067",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-15708",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015067",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-600",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-147781",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147781"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015067"
},
{
"db": "NVD",
"id": "CVE-2019-15708"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-600"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands. plural FortiAP The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. An operating system command injection vulnerability exists in Fortinet FortiAP. The following products and versions are affected: FortiAP-S/W2 versions prior to 6.2.2, versions prior to 6.0.6; FortiAP versions prior to 6.0.5; FortiAP-U versions prior to 6.0.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15708"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015067"
},
{
"db": "VULHUB",
"id": "VHN-147781"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15708",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015067",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-600",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.0478",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-147781",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147781"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015067"
},
{
"db": "NVD",
"id": "CVE-2019-15708"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-600"
}
]
},
"id": "VAR-202003-0930",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-147781"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:43:04.169000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-19-209",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/fg-ir-19-209"
},
{
"title": "Fortinet FortiAP Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112187"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015067"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-600"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147781"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015067"
},
{
"db": "NVD",
"id": "CVE-2019-15708"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/psirt/fg-ir-19-209"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15708"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15708"
},
{
"trust": 0.6,
"url": "https://fortiguard.com/psirt/ fg-ir-19-209"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0478/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147781"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015067"
},
{
"db": "NVD",
"id": "CVE-2019-15708"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-600"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-147781"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015067"
},
{
"db": "NVD",
"id": "CVE-2019-15708"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-600"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-15T00:00:00",
"db": "VULHUB",
"id": "VHN-147781"
},
{
"date": "2020-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015067"
},
{
"date": "2020-03-15T23:15:11.327000",
"db": "NVD",
"id": "CVE-2019-15708"
},
{
"date": "2020-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-600"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-19T00:00:00",
"db": "VULHUB",
"id": "VHN-147781"
},
{
"date": "2020-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015067"
},
{
"date": "2020-03-19T20:21:29.067000",
"db": "NVD",
"id": "CVE-2019-15708"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-600"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-600"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural FortiAP In the product OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015067"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-600"
}
],
"trust": 0.6
}
}
VAR-202004-0815
Vulnerability from variot - Updated: 2023-12-18 12:27An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks. plural Fortinet The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. Fortinet, FortiOS, etc. are all products of Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. A resource management error vulnerability exists in several Fortinet FortiGuard products due to uncontrolled resource consumption. The following products and versions are affected: Fortinet FortiGuard FortiOS 6.2.2 and earlier; Fortinet FortiGuard FortiSwitch 3.6.11, FortiSwitch 6.0.6, FortiSwitch 6.2.2; Fortinet FortiGuard FortiAnalyzer 6.2.3 earlier; Fortinet FortiGuard FortiManager 6.2 .3 prior; Fortinet FortiGuard FortiAP-S/W2 prior to 6.2.2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0815",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortiswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.0"
},
{
"model": "fortiswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.2"
},
{
"model": "fortiap-s",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.2"
},
{
"model": "fortiswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.0"
},
{
"model": "fortimanager",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.3"
},
{
"model": "fortiap-w2",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.2"
},
{
"model": "fortiswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.6"
},
{
"model": "fortianalyzer",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.3"
},
{
"model": "fortiswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "3.6.11"
},
{
"model": "fortianalyzer",
"scope": "eq",
"trust": 0.8,
"vendor": "fortinet",
"version": "6.2.3"
},
{
"model": "fortiap-s",
"scope": "eq",
"trust": 0.8,
"vendor": "fortinet",
"version": "6.2.2"
},
{
"model": "fortiap-w2",
"scope": "eq",
"trust": 0.8,
"vendor": "fortinet",
"version": "6.2.2"
},
{
"model": "fortimanager",
"scope": "eq",
"trust": 0.8,
"vendor": "fortinet",
"version": "6.2.3"
},
{
"model": "fortiswitch",
"scope": "eq",
"trust": 0.8,
"vendor": "fortinet",
"version": "3.6.11"
},
{
"model": "fortiswitch",
"scope": "eq",
"trust": 0.8,
"vendor": "fortinet",
"version": "6.0.6"
},
{
"model": "fortiswitch",
"scope": "eq",
"trust": 0.8,
"vendor": "fortinet",
"version": "6.2.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015282"
},
{
"db": "NVD",
"id": "CVE-2019-17657"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.2.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-s:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.2.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.6.11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.0.6",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.2.2",
"versionStartIncluding": "6.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17657"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denis Kolegov,Maxim Gorbunov,Anton Nikolaev,Nikita Oleksov",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-298"
}
],
"trust": 0.6
},
"cve": "CVE-2019-17657",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-015282",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-149925",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-015282",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-17657",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-015282",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-298",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-149925",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149925"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015282"
},
{
"db": "NVD",
"id": "CVE-2019-17657"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-298"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks. plural Fortinet The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. Fortinet, FortiOS, etc. are all products of Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. A resource management error vulnerability exists in several Fortinet FortiGuard products due to uncontrolled resource consumption. The following products and versions are affected: Fortinet FortiGuard FortiOS 6.2.2 and earlier; Fortinet FortiGuard FortiSwitch 3.6.11, FortiSwitch 6.0.6, FortiSwitch 6.2.2; Fortinet FortiGuard FortiAnalyzer 6.2.3 earlier; Fortinet FortiGuard FortiManager 6.2 .3 prior; Fortinet FortiGuard FortiAP-S/W2 prior to 6.2.2",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17657"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015282"
},
{
"db": "VULHUB",
"id": "VHN-149925"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-17657",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015282",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-298",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.0403",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-149925",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149925"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015282"
},
{
"db": "NVD",
"id": "CVE-2019-17657"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-298"
}
]
},
"id": "VAR-202004-0815",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-149925"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:27:32.379000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-19-013",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/fg-ir-19-013"
},
{
"title": "Multiple Fortinet Product resource management error vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110681"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015282"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-298"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149925"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015282"
},
{
"db": "NVD",
"id": "CVE-2019-17657"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/psirt/fg-ir-19-013"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17657"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17657"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0403/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/fortios-fortianalyzer-fortimanager-denial-of-service-via-slow-http-31506"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149925"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015282"
},
{
"db": "NVD",
"id": "CVE-2019-17657"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-298"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-149925"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015282"
},
{
"db": "NVD",
"id": "CVE-2019-17657"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-298"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-149925"
},
{
"date": "2020-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015282"
},
{
"date": "2020-04-07T18:15:13.510000",
"db": "NVD",
"id": "CVE-2019-17657"
},
{
"date": "2020-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-298"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-08T00:00:00",
"db": "VULHUB",
"id": "VHN-149925"
},
{
"date": "2020-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015282"
},
{
"date": "2020-04-08T19:18:03.237000",
"db": "NVD",
"id": "CVE-2019-17657"
},
{
"date": "2020-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-298"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-298"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Fortinet Product exhaustion vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015282"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-298"
}
],
"trust": 0.6
}
}
VAR-202107-1088
Vulnerability from variot - Updated: 2023-12-18 11:07An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments. Fortinet FortiAP is a controller used to manage wireless access point devices from Fortinet.
Fortinet FortiAP has a security vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-1088",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortiap",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.6"
},
{
"model": "fortiap-w2",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.6"
},
{
"model": "fortiap",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.1"
},
{
"model": "fortiap-s",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.6"
},
{
"model": "fortiap-s",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.4"
},
{
"model": "fortiap-w2",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.4"
},
{
"model": "fortiap",
"scope": "gte",
"trust": 0.6,
"vendor": "fortinet",
"version": "6.4.1,\u003c=6.4.5"
},
{
"model": "fortiap",
"scope": "gte",
"trust": 0.6,
"vendor": "fortinet",
"version": "6.2.4,\u003c=6.2.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-50167"
},
{
"db": "NVD",
"id": "CVE-2021-26106"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.4.6",
"versionStartIncluding": "6.4.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-s:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.2.6",
"versionStartIncluding": "6.2.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.2.6",
"versionStartIncluding": "6.2.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-26106"
}
]
},
"cve": "CVE-2021-26106",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2021-50167",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-385070",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2021-26106",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-26106",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2021-26106",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-50167",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-560",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-385070",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-26106",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-50167"
},
{
"db": "VULHUB",
"id": "VHN-385070"
},
{
"db": "VULMON",
"id": "CVE-2021-26106"
},
{
"db": "NVD",
"id": "CVE-2021-26106"
},
{
"db": "NVD",
"id": "CVE-2021-26106"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-560"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An improper neutralization of special elements used in an OS Command vulnerability in FortiAP\u0027s console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments. Fortinet FortiAP is a controller used to manage wireless access point devices from Fortinet. \n\r\n\r\nFortinet FortiAP has a security vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-26106"
},
{
"db": "CNVD",
"id": "CNVD-2021-50167"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-385070"
},
{
"db": "VULMON",
"id": "CVE-2021-26106"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-26106",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2021-50167",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2383",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071405",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-560",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-385070",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-26106",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-50167"
},
{
"db": "VULHUB",
"id": "VHN-385070"
},
{
"db": "VULMON",
"id": "CVE-2021-26106"
},
{
"db": "NVD",
"id": "CVE-2021-26106"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-560"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"id": "VAR-202107-1088",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-50167"
},
{
"db": "VULHUB",
"id": "VHN-385070"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-50167"
}
]
},
"last_update_date": "2023-12-18T11:07:55.676000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Fortinet FortiAP OS command vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/278886"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-50167"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-385070"
},
{
"db": "NVD",
"id": "CVE-2021-26106"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/advisory/fg-ir-20-210"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26106"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2383"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071405"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-50167"
},
{
"db": "VULHUB",
"id": "VHN-385070"
},
{
"db": "VULMON",
"id": "CVE-2021-26106"
},
{
"db": "NVD",
"id": "CVE-2021-26106"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-560"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-50167"
},
{
"db": "VULHUB",
"id": "VHN-385070"
},
{
"db": "VULMON",
"id": "CVE-2021-26106"
},
{
"db": "NVD",
"id": "CVE-2021-26106"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-560"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-50167"
},
{
"date": "2021-07-09T00:00:00",
"db": "VULHUB",
"id": "VHN-385070"
},
{
"date": "2021-07-09T00:00:00",
"db": "VULMON",
"id": "CVE-2021-26106"
},
{
"date": "2021-07-09T19:15:08.313000",
"db": "NVD",
"id": "CVE-2021-26106"
},
{
"date": "2021-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-560"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-50167"
},
{
"date": "2021-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-385070"
},
{
"date": "2021-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-26106"
},
{
"date": "2021-07-12T13:29:34.657000",
"db": "NVD",
"id": "CVE-2021-26106"
},
{
"date": "2021-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-560"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-560"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiAP OS command vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-50167"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-560"
}
],
"trust": 0.6
}
}