
49 vulnerabilities found for FortiDeceptor by Fortinet

FKIE_CVE-2024-35280

Vulnerability from fkie_nvd - Published: 2025-01-15 11:15 - Updated: 2025-02-03 20:55
Summary
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints.
Impacted products
Vendor Product Version
fortinet fortideceptor *
fortinet fortideceptor 5.3.0

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F75A3F8D-C36D-4F91-ACC3-00AF611950DE",
              "versionEndExcluding": "5.2.1",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortideceptor:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85A82BF-DCB3-4E8B-A2A3-6F23F11FFB00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints"
    },
    {
      "lang": "es",
      "value": " Una neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (\"cross-site scripting\") en Fortinet FortiDeceptor 3.x todas las versiones, 4.x todas las versiones, 5.0 todas las versiones, 5.1 todas las versiones, versi\u00f3n 5.2.0 y versi\u00f3n 5.3.0 puede permitir que un atacante realice un ataque de cross-site scripting reflejado en los endpoints de recuperaci\u00f3n."
    }
  ],
  "id": "CVE-2024-35280",
  "lastModified": "2025-02-03T20:55:26.147",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-01-15T11:15:09.087",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-010"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2024-45326

Vulnerability from fkie_nvd - Published: 2025-01-14 14:15 - Updated: 2025-01-31 16:36
Summary
An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with no privileges to perform operations on the central management appliance via crafted requests.
Impacted products
Vendor Product Version
fortinet fortideceptor *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19ED7397-1BD2-4C31-AA38-044A316CDD93",
              "versionEndExcluding": "6.0.1",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An\u00a0Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de control de acceso inadecuado [CWE-284] en FortiDeceptor versi\u00f3n 6.0.0, versi\u00f3n 5.3.3 y anteriores, versi\u00f3n 5.2.1 y anteriores, versi\u00f3n 5.1.0, versi\u00f3n 5.0.0 puede permitir que un atacante autenticado sin privilegios realice operaciones en el dispositivo de administraci\u00f3n central a trav\u00e9s de solicitudes manipuladas."
    }
  ],
  "id": "CVE-2024-45326",
  "lastModified": "2025-01-31T16:36:15.783",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-01-14T14:15:31.183",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-285"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2022-27487

Vulnerability from fkie_nvd - Published: 2023-04-11 17:15 - Updated: 2024-11-21 06:55
Summary
An improper privilege management vulnerability in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "39B4357A-55DD-498F-B4B2-68A77285612B",
              "versionEndExcluding": "3.3.3",
              "versionStartIncluding": "1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16BF9690-3D39-4FCC-A314-68C17E1E0892",
              "versionEndIncluding": "4.0.2",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortideceptor:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48655ECC-C9A9-4AD9-993B-7B2965E9266F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30C67A05-44FD-462B-BC47-2EAE11358063",
              "versionEndExcluding": "3.2.4",
              "versionStartIncluding": "2.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AD1B101-4071-480C-AF8A-AE66FF92D589",
              "versionEndExcluding": "4.0.3",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C401836-2D68-4CA3-8735-D9EC9DDB15F6",
              "versionEndExcluding": "4.2.3",
              "versionStartIncluding": "4.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests."
    }
  ],
  "id": "CVE-2022-27487",
  "lastModified": "2024-11-21T06:55:49.330",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-04-11T17:15:07.193",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-22-056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-22-056"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2023-26209

Vulnerability from fkie_nvd - Published: 2023-03-09 15:15 - Updated: 2024-11-21 07:50
Summary
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory by sending numerous HTTP requests to the login form.
Impacted products
Vendor Product Version
fortinet fortideceptor *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3552EB07-FD6F-499D-BF18-DB4365FAAF57",
              "versionEndExcluding": "3.2.0",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows  a remote unauthenticated attacker to partially exhaust CPU and memory via sending\u00a0numerous HTTP requests to the login form."
    }
  ],
  "id": "CVE-2023-26209",
  "lastModified": "2024-11-21T07:50:55.273",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-09T15:15:09.720",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-20-078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-20-078"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-307"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-307"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2022-30305

Vulnerability from fkie_nvd - Published: 2022-12-06 17:15 - Updated: 2024-11-21 07:02
Summary
An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2, 3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A6C490-83C0-439C-BC36-157D732F362B",
              "versionEndIncluding": "3.0.2",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD1D0126-C1C4-4F76-A78F-F0BEC7B3EB0C",
              "versionEndIncluding": "3.2.2",
              "versionStartIncluding": "3.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "840D39F9-C790-4AF6-9E9D-2299083C008A",
              "versionEndIncluding": "3.3.3",
              "versionStartIncluding": "3.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16BF9690-3D39-4FCC-A314-68C17E1E0892",
              "versionEndIncluding": "4.0.2",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortideceptor:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "67A22BDE-857F-4A92-A027-38C4A6D6144D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortideceptor:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB5762A-D14A-4F7F-A9DA-1979FFFBF1E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortideceptor:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48655ECC-C9A9-4AD9-993B-7B2965E9266F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortideceptor:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2CF71B3-7E56-4D31-BE5D-682D553249BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortideceptor:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC3F4599-8FB1-40AF-96A9-11B58DE44C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C47A3DB-A02A-488D-B0E1-867A19CE43B8",
              "versionEndIncluding": "3.1.5",
              "versionStartIncluding": "3.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30CE4EF6-1AC0-49A2-BC7B-43D1B453DC3B",
              "versionEndIncluding": "4.0.2",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortisandbox:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DDB3490-E30F-45CC-81B7-EFB5C1A60DA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortisandbox:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "143DD85B-4CE7-409D-B215-6069D2EF33D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortisandbox:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53070F6A-CC5B-43C9-96F9-2C0930A8D3CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortisandbox:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B38F72A-A271-43FE-8FBF-02AB87BA9D47",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2  may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de registro insuficiente [CWE-778] en las versiones 4.0.0 a 4.0.2, 3.2.0 a 3.2.3 y 3.1.0 a 3.1.5 de FortiSandbox y las versiones 4.2.0, 4.1.0 a 4.1.1 de FortiDeceptor. 4.0.0 a 4.0.2, 3.3.0 a 3.3.3, 3.2.0 a 3.2.2, 3.1.0 a 3.1.1 y 3.0.0 a 3.0.2 pueden permitir que un atacante remoto ingrese repetidamente credenciales incorrectas sin generar una entrada de registro y sin l\u00edmite en el n\u00famero de intentos fallidos de autenticaci\u00f3n."
    }
  ],
  "id": "CVE-2022-30305",
  "lastModified": "2024-11-21T07:02:32.330",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-06T17:15:10.660",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-21-170"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-21-170"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-778"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-307"
        },
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2022-38373

Vulnerability from fkie_nvd - Published: 2022-11-02 12:15 - Updated: 2024-11-21 07:16
Summary
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross-site scripting (XSS) attack by sending requests with a specially crafted lure resource ID.
Impacted products
Vendor Product Version
fortinet fortideceptor 4.0.2
fortinet fortideceptor 4.1.0
fortinet fortideceptor 4.1.1
fortinet fortideceptor 4.2.0

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortideceptor:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D76D269-CEDA-4986-A3EF-90711E7C6055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortideceptor:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48655ECC-C9A9-4AD9-993B-7B2965E9266F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortideceptor:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2CF71B3-7E56-4D31-BE5D-682D553249BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortideceptor:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC3F4599-8FB1-40AF-96A9-11B58DE44C95",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID."
    },
    {
      "lang": "es",
      "value": "Una neutralizaci\u00f3n inadecuada de la vulnerabilidad de entrada durante la generaci\u00f3n de p\u00e1ginas web [CWE-79] en la interfaz de administraci\u00f3n de FortiDeceptor 4.2.0, 4.1.0 a 4.1.1, 4.0.2 puede permitir que un usuario autenticado realice un ataque de cross site scripting (XSS) a trav\u00e9s de enviar solicitudes con una ID de recurso de lure especialmente manipulado."
    }
  ],
  "id": "CVE-2022-38373",
  "lastModified": "2024-11-21T07:16:20.723",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-02T12:15:54.067",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-22-331"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-22-331"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2024-35280 (GCVE-0-2024-35280)

Vulnerability from cvelistv5 – Published: 2025-01-15 10:07 – Updated: 2025-01-15 14:45
Summary
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints.
CWE
  • CWE-79 - Execute unauthorized code or commands
Assigner
Impacted products
Vendor Product Version
Fortinet FortiDeceptor Affected: 5.3.0
Affected: 5.2.0
Affected: 5.1.0
Affected: 5.0.0
Affected: 4.3.0
Affected: 4.2.0
Affected: 4.1.0 , ≤ 4.1.1 (semver)
Affected: 4.0.0 , ≤ 4.0.2 (semver)
Affected: 3.3.0 , ≤ 3.3.3 (semver)
Affected: 3.2.0 , ≤ 3.2.2 (semver)
Affected: 3.1.0 , ≤ 3.1.1 (semver)
Affected: 3.0.0 , ≤ 3.0.2 (semver)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35280",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T14:44:56.156689Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-15T14:45:11.764Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiDeceptor",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "5.3.0"
            },
            {
              "status": "affected",
              "version": "5.2.0"
            },
            {
              "status": "affected",
              "version": "5.1.0"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            },
            {
              "status": "affected",
              "version": "4.3.0"
            },
            {
              "status": "affected",
              "version": "4.2.0"
            },
            {
              "lessThanOrEqual": "4.1.1",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.0.2",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.3.3",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.2.2",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.1.1",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.0.2",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-15T10:07:14.953Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-010",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-010"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiDeceptor version 6.0.0 or above \nPlease upgrade to FortiDeceptor version 5.3.1 or above \nPlease upgrade to FortiDeceptor version 5.2.1 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-35280",
    "datePublished": "2025-01-15T10:07:14.953Z",
    "dateReserved": "2024-05-14T21:15:19.190Z",
    "dateUpdated": "2025-01-15T14:45:11.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45326 (GCVE-0-2024-45326)

Vulnerability from cvelistv5 – Published: 2025-01-14 14:09 – Updated: 2025-01-14 20:53
Summary
An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with no privileges to perform operations on the central management appliance via crafted requests.
CWE
  • CWE-284 - Improper access control
Assigner
Impacted products
Vendor Product Version
Fortinet FortiDeceptor Affected: 6.0.0
Affected: 5.3.0 , ≤ 5.3.3 (semver)
Affected: 5.2.0 , ≤ 5.2.1 (semver)
Affected: 5.1.0
Affected: 5.0.0

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45326",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T15:14:59.021895Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T20:53:58.952Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiDeceptor",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.0"
            },
            {
              "lessThanOrEqual": "5.3.3",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.1",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "5.1.0"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An\u00a0Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:09:55.772Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-285",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-285"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiDeceptor version 6.1.0 or above \nPlease upgrade to FortiDeceptor version 6.0.1 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-45326",
    "datePublished": "2025-01-14T14:09:55.772Z",
    "dateReserved": "2024-08-27T06:43:07.250Z",
    "dateUpdated": "2025-01-14T20:53:58.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-27487 (GCVE-0-2022-27487)

Vulnerability from cvelistv5 – Published: 2023-04-11 16:06 – Updated: 2024-10-23 14:28
Summary
An improper privilege management vulnerability in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests.
CWE
  • CWE-269 - Execute unauthorized code or commands
Assigner
Impacted products
Vendor Product Version
Fortinet FortiDeceptor Affected: 4.1.0
Affected: 4.0.0 , ≤ 4.0.2 (semver)
Affected: 3.3.0 , ≤ 3.3.3 (semver)
Affected: 3.2.0 , ≤ 3.2.2 (semver)
Affected: 3.1.0 , ≤ 3.1.1 (semver)
Affected: 3.0.0 , ≤ 3.0.2 (semver)
Affected: 2.1.0
Affected: 2.0.0
Affected: 1.1.0
Affected: 1.0.0 , ≤ 1.0.1 (semver)
    Fortinet FortiSandbox Affected: 4.2.0 , ≤ 4.2.2 (semver)
Affected: 4.0.0 , ≤ 4.0.2 (semver)
Affected: 3.2.0 , ≤ 3.2.3 (semver)
Affected: 3.1.0 , ≤ 3.1.5 (semver)
Affected: 3.0.0 , ≤ 3.0.7 (semver)
Affected: 2.5.0 , ≤ 2.5.2 (semver)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:32:57.807Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-22-056",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-22-056"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-27487",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:11:12.648760Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-23T14:28:34.806Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiDeceptor",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "4.1.0"
            },
            {
              "lessThanOrEqual": "4.0.2",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.3.3",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.2.2",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.1.1",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.0.2",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "2.1.0"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            },
            {
              "status": "affected",
              "version": "1.1.0"
            },
            {
              "lessThanOrEqual": "1.0.1",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiSandbox",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "4.2.2",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.0.2",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.2.3",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.1.5",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.0.7",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.5.2",
              "status": "affected",
              "version": "2.5.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-11T16:06:58.797Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-22-056",
          "url": "https://fortiguard.com/psirt/FG-IR-22-056"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiDeceptor version 4.2.0 or above Please upgrade to FortiDeceptor version 4.1.1 or above Please upgrade to FortiDeceptor version 4.0.2 or above Please upgrade to FortiDeceptor version 3.3.3 or above Please upgrade to FortiSandbox version 4.2.3 or above Please upgrade to FortiSandbox version 4.0.3 or above Please upgrade to FortiSandbox version 3.2.4 or above "
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-27487",
    "datePublished": "2023-04-11T16:06:58.797Z",
    "dateReserved": "2022-03-21T16:03:48.575Z",
    "dateUpdated": "2024-10-23T14:28:34.806Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-26209 (GCVE-0-2023-26209)

Vulnerability from cvelistv5 – Published: 2023-03-09 14:55 – Updated: 2024-10-22 20:47
Summary
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory by sending numerous HTTP requests to the login form.
CWE
Assigner
Impacted products
Vendor Product Version
Fortinet FortiDeceptor Affected: 3.1.0 , ≤ 3.1.1 (semver)
Affected: 3.0.0 , ≤ 3.0.2 (semver)
Affected: 2.1.0
Affected: 2.0.0
Affected: 1.1.0
Affected: 1.0.0 , ≤ 1.0.1 (semver)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:46:23.307Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-20-078",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-20-078"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-26209",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:18:19.121715Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:47:45.870Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiDeceptor",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "3.1.1",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.0.2",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "2.1.0"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            },
            {
              "status": "affected",
              "version": "1.1.0"
            },
            {
              "lessThanOrEqual": "1.0.1",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows  a remote unauthenticated attacker to partially exhaust CPU and memory via sending\u00a0numerous HTTP requests to the login form."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-307",
              "description": "Denial of service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-09T14:55:17.873Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-20-078",
          "url": "https://fortiguard.com/psirt/FG-IR-20-078"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiAuthenticator\u00a0version 6.5.0\u00a0or above,\nPlease upgrade to FortiDeceptor\u00a0version 3.2.0\u00a0or above.\nPlease upgrade to FortiMail\u00a0version 6.4.1 or above,\r\nPlease upgrade to FortiMail version 6.2.5\u00a0or above,\r\nPlease upgrade to FortiMail version 6.0.10\u00a0or above."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-26209",
    "datePublished": "2023-03-09T14:55:17.873Z",
    "dateReserved": "2023-02-20T15:09:20.636Z",
    "dateUpdated": "2024-10-22T20:47:45.870Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-30305 (GCVE-0-2022-30305)

Vulnerability from cvelistv5 – Published: 2022-12-06 16:00 – Updated: 2024-10-22 20:51
Summary
An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2, 3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
CWE
  • CWE-778 - Improper access control
Assigner
Impacted products
Vendor Product Version
Fortinet FortiSandbox Affected: 4.0.0 , ≤ 4.0.2 (semver)
Affected: 3.2.0 , ≤ 3.2.3 (semver)
Affected: 3.1.0 , ≤ 3.1.5 (semver)
    Fortinet FortiDeceptor Affected: 4.2.0
Affected: 4.1.0 , ≤ 4.1.1 (semver)
Affected: 4.0.0 , ≤ 4.0.2 (semver)
Affected: 3.3.0 , ≤ 3.3.3 (semver)
Affected: 3.2.0 , ≤ 3.2.2 (semver)
Affected: 3.1.0 , ≤ 3.1.1 (semver)
Affected: 3.0.0 , ≤ 3.0.2 (semver)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:48:36.289Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-21-170",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-21-170"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-30305",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:18:52.650973Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:51:37.602Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiSandbox",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "4.0.2",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.2.3",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.1.5",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiDeceptor",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "4.2.0"
            },
            {
              "lessThanOrEqual": "4.1.1",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.0.2",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.3.3",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.2.2",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.1.1",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.0.2",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2  may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.6,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-778",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-06T16:00:54.500Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-21-170",
          "url": "https://fortiguard.com/psirt/FG-IR-21-170"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiSandbox version 4.2.1 or above\nPlease upgrade to FortiDeceptor version 4.3.0 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-30305",
    "datePublished": "2022-12-06T16:00:54.500Z",
    "dateReserved": "2022-05-06T12:09:27.625Z",
    "dateUpdated": "2024-10-22T20:51:37.602Z",
    "requesterUserId": "a0475cc0-be89-4a25-97b3-d1b8023a8677",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35280 (GCVE-0-2024-35280)

Vulnerability from nvd – Published: 2025-01-15 10:07 – Updated: 2025-01-15 14:45
Summary
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints.
CWE
  • CWE-79 - Execute unauthorized code or commands
Assigner
Impacted products
Vendor Product Version
Fortinet FortiDeceptor Affected: 5.3.0
Affected: 5.2.0
Affected: 5.1.0
Affected: 5.0.0
Affected: 4.3.0
Affected: 4.2.0
Affected: 4.1.0 , ≤ 4.1.1 (semver)
Affected: 4.0.0 , ≤ 4.0.2 (semver)
Affected: 3.3.0 , ≤ 3.3.3 (semver)
Affected: 3.2.0 , ≤ 3.2.2 (semver)
Affected: 3.1.0 , ≤ 3.1.1 (semver)
Affected: 3.0.0 , ≤ 3.0.2 (semver)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35280",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T14:44:56.156689Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-15T14:45:11.764Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiDeceptor",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "5.3.0"
            },
            {
              "status": "affected",
              "version": "5.2.0"
            },
            {
              "status": "affected",
              "version": "5.1.0"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            },
            {
              "status": "affected",
              "version": "4.3.0"
            },
            {
              "status": "affected",
              "version": "4.2.0"
            },
            {
              "lessThanOrEqual": "4.1.1",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.0.2",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.3.3",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.2.2",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.1.1",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.0.2",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-15T10:07:14.953Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-010",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-010"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiDeceptor version 6.0.0 or above \nPlease upgrade to FortiDeceptor version 5.3.1 or above \nPlease upgrade to FortiDeceptor version 5.2.1 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-35280",
    "datePublished": "2025-01-15T10:07:14.953Z",
    "dateReserved": "2024-05-14T21:15:19.190Z",
    "dateUpdated": "2025-01-15T14:45:11.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45326 (GCVE-0-2024-45326)

Vulnerability from nvd – Published: 2025-01-14 14:09 – Updated: 2025-01-14 20:53
Summary
An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests.
CWE
  • CWE-284 - Improper access control
Assigner
Impacted products
Vendor Product Version
Fortinet FortiDeceptor Affected: 6.0.0
Affected: 5.3.0 , ≤ 5.3.3 (semver)
Affected: 5.2.0 , ≤ 5.2.1 (semver)
Affected: 5.1.0
Affected: 5.0.0

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45326",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T15:14:59.021895Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T20:53:58.952Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiDeceptor",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.0"
            },
            {
              "lessThanOrEqual": "5.3.3",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.1",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "5.1.0"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An\u00a0Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:09:55.772Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-285",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-285"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiDeceptor version 6.1.0 or above \nPlease upgrade to FortiDeceptor version 6.0.1 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-45326",
    "datePublished": "2025-01-14T14:09:55.772Z",
    "dateReserved": "2024-08-27T06:43:07.250Z",
    "dateUpdated": "2025-01-14T20:53:58.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-27487 (GCVE-0-2022-27487)

Vulnerability from nvd – Published: 2023-04-11 16:06 – Updated: 2024-10-23 14:28
Summary
A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests.
CWE
  • CWE-269 - Execute unauthorized code or commands
Assigner
Impacted products
Vendor Product Version
Fortinet FortiDeceptor Affected: 4.1.0
Affected: 4.0.0 , ≤ 4.0.2 (semver)
Affected: 3.3.0 , ≤ 3.3.3 (semver)
Affected: 3.2.0 , ≤ 3.2.2 (semver)
Affected: 3.1.0 , ≤ 3.1.1 (semver)
Affected: 3.0.0 , ≤ 3.0.2 (semver)
Affected: 2.1.0
Affected: 2.0.0
Affected: 1.1.0
Affected: 1.0.0 , ≤ 1.0.1 (semver)
    Fortinet FortiSandbox Affected: 4.2.0 , ≤ 4.2.2 (semver)
Affected: 4.0.0 , ≤ 4.0.2 (semver)
Affected: 3.2.0 , ≤ 3.2.3 (semver)
Affected: 3.1.0 , ≤ 3.1.5 (semver)
Affected: 3.0.0 , ≤ 3.0.7 (semver)
Affected: 2.5.0 , ≤ 2.5.2 (semver)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:32:57.807Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-22-056",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-22-056"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-27487",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:11:12.648760Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-23T14:28:34.806Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiDeceptor",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "4.1.0"
            },
            {
              "lessThanOrEqual": "4.0.2",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.3.3",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.2.2",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.1.1",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.0.2",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "2.1.0"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            },
            {
              "status": "affected",
              "version": "1.1.0"
            },
            {
              "lessThanOrEqual": "1.0.1",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiSandbox",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "4.2.2",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.0.2",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.2.3",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.1.5",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.0.7",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.5.2",
              "status": "affected",
              "version": "2.5.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-11T16:06:58.797Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-22-056",
          "url": "https://fortiguard.com/psirt/FG-IR-22-056"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiDeceptor version 4.2.0 or above Please upgrade to FortiDeceptor version 4.1.1 or above Please upgrade to FortiDeceptor version 4.0.2 or above Please upgrade to FortiDeceptor version 3.3.3 or above Please upgrade to FortiSandbox version 4.2.3 or above Please upgrade to FortiSandbox version 4.0.3 or above Please upgrade to FortiSandbox version 3.2.4 or above "
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-27487",
    "datePublished": "2023-04-11T16:06:58.797Z",
    "dateReserved": "2022-03-21T16:03:48.575Z",
    "dateUpdated": "2024-10-23T14:28:34.806Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-26209 (GCVE-0-2023-26209)

Vulnerability from nvd – Published: 2023-03-09 14:55 – Updated: 2024-10-22 20:47
Summary
A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.
CWE
Assigner
Impacted products
Vendor Product Version
Fortinet FortiDeceptor Affected: 3.1.0 , ≤ 3.1.1 (semver)
Affected: 3.0.0 , ≤ 3.0.2 (semver)
Affected: 2.1.0
Affected: 2.0.0
Affected: 1.1.0
Affected: 1.0.0 , ≤ 1.0.1 (semver)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:46:23.307Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-20-078",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-20-078"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-26209",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:18:19.121715Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:47:45.870Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiDeceptor",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "3.1.1",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.0.2",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "2.1.0"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            },
            {
              "status": "affected",
              "version": "1.1.0"
            },
            {
              "lessThanOrEqual": "1.0.1",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows  a remote unauthenticated attacker to partially exhaust CPU and memory via sending\u00a0numerous HTTP requests to the login form."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-307",
              "description": "Denial of service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-09T14:55:17.873Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-20-078",
          "url": "https://fortiguard.com/psirt/FG-IR-20-078"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiAuthenticator\u00a0version 6.5.0\u00a0or above,\nPlease upgrade to FortiDeceptor\u00a0version 3.2.0\u00a0or above.\nPlease upgrade to FortiMail\u00a0version 6.4.1 or above,\r\nPlease upgrade to FortiMail version 6.2.5\u00a0or above,\r\nPlease upgrade to FortiMail version 6.0.10\u00a0or above."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-26209",
    "datePublished": "2023-03-09T14:55:17.873Z",
    "dateReserved": "2023-02-20T15:09:20.636Z",
    "dateUpdated": "2024-10-22T20:47:45.870Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-30305 (GCVE-0-2022-30305)

Vulnerability from nvd – Published: 2022-12-06 16:00 – Updated: 2024-10-22 20:51
Summary
An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
CWE
  • CWE-778 - Improper access control
Assigner
Impacted products
Vendor Product Version
Fortinet FortiSandbox Affected: 4.0.0 , ≤ 4.0.2 (semver)
Affected: 3.2.0 , ≤ 3.2.3 (semver)
Affected: 3.1.0 , ≤ 3.1.5 (semver)
    Fortinet FortiDeceptor Affected: 4.2.0
Affected: 4.1.0 , ≤ 4.1.1 (semver)
Affected: 4.0.0 , ≤ 4.0.2 (semver)
Affected: 3.3.0 , ≤ 3.3.3 (semver)
Affected: 3.2.0 , ≤ 3.2.2 (semver)
Affected: 3.1.0 , ≤ 3.1.1 (semver)
Affected: 3.0.0 , ≤ 3.0.2 (semver)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:48:36.289Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-21-170",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-21-170"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-30305",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:18:52.650973Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:51:37.602Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiSandbox",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "4.0.2",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.2.3",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.1.5",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiDeceptor",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "4.2.0"
            },
            {
              "lessThanOrEqual": "4.1.1",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.0.2",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.3.3",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.2.2",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.1.1",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.0.2",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2  may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.6,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-778",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-06T16:00:54.500Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-21-170",
          "url": "https://fortiguard.com/psirt/FG-IR-21-170"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiSandbox version 4.2.1 or above\nPlease upgrade to FortiDeceptor version 4.3.0 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-30305",
    "datePublished": "2022-12-06T16:00:54.500Z",
    "dateReserved": "2022-05-06T12:09:27.625Z",
    "dateUpdated": "2024-10-22T20:51:37.602Z",
    "requesterUserId": "a0475cc0-be89-4a25-97b3-d1b8023a8677",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2025-AVI-0031

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Fortinet FortiTester FortiTester versions antérieures à 7.2.1
Fortinet FortiNDR FortiNDR versions antérieures à 7.2.2
Fortinet FortiRecorder FortiRecorder versions antérieures à 7.0.5
Fortinet FortiMail FortiMail versions 6.4x antérieures à 6.4.8
Fortinet FortiOS FortiOS versions antérieures à 7.6.1 pour la vulnérabilité CVE-2024-52963
Fortinet FortiVoice FortiVoice versions antérieures à 6.4.10
Fortinet FortiSOAR Connecteur IMAP pour FortiSOAR versions antérieures à 3.5.8
Fortinet FortiClient FortiClientEMS Cloud versions antérieures à 7.2.5
Fortinet FortiClient FortiClientEMS versions antérieures à 7.2.5
Fortinet FortiClient FortiClientWindows versions antérieures à 7.4.1
Fortinet FortiSwitch FortiSwitch versions antérieures à 6.2.8
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions 7.2.x postérieures à 7.2.1 et antérieures à 7.2.7
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions 7.4.x postérieures à 7.4.1 et antérieures à 7.4.4
Fortinet FortiDeceptor FortiDeceptor versions antérieures à 6.0.1
Fortinet FortiManager FortiManager Cloud versions antérieures à 7.0.13
Fortinet FortiOS FortiOS versions antérieures à 7.0.16
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions antérieures à 7.0.12
Fortinet FortiAP-W2 FortiAP-W2 versions 7.4.x antérieures à 7.4.3
Fortinet FortiAP-W2 FortiAP-W2 versions antérieures à 7.2.4
Fortinet FortiDDoS FortiDDoS versions antérieures à 5.5.1
Fortinet FortiManager FortiManager versions 6.2.x antérieures à 6.2.12
Fortinet FortiManager FortiManager versions 7.4.x antérieures à 7.4.1
Fortinet FortiDDoS-F FortiDDoS-F versions antérieures à 6.3.3
Fortinet FortiVoiceEnterprise FortiVoiceEnterprise versions antérieures à 6.0.10
Fortinet FortiVoiceEnterprise FortiVoiceEnterprise versions 6.4.x antérieures à 6.4.4
Fortinet FortiWLC FortiWLC versions 8.6.x antérieures à 8.6.6
Fortinet FortiADC FortiADC versions 6.2.x antérieures à 6.2.4
Fortinet FortiSOAR FortiSOAR versions 7.3.x antérieures à 7.3.3
Fortinet FortiClient FortiClientMac versions antérieures à 7.4.0
Fortinet FortiClient FortiClientLinux versions antérieures à 7.4.0
Fortinet FortiProxy FortiProxy versions 7.4.x antérieures à 7.4.6
Fortinet FortiClient FortiClientEMS versions 7.4.x antérieures à 7.4.1
Fortinet FortiAnalyzer FortiAnalyzer versions 7.6.x antérieures à 7.6.2
Fortinet FortiWeb FortiWeb versions 7.4.x antérieures à 7.4.5
Fortinet FortiWeb FortiWeb versions 7.6.x antérieures à 7.6.2
Fortinet FortiManager FortiManager versions 6.4.x antérieures à 6.4.15
Fortinet FortiAnalyzer FortiAnalyzer versions 7.4.x antérieures à 7.4.4
Fortinet FortiSwitch FortiSwitch versions 7.0.x antérieures à 7.0.8
Fortinet FortiClient FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.1
Fortinet FortiClient FortiClientLinux versions antérieures à 7.2.5
Fortinet FortiMail FortiMail versions 7.0.x antérieures à 7.0.7
Fortinet FortiAnalyzer FortiAnalyzer versions 7.2.x antérieures à 7.2.6
Fortinet FortiManager FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet FortiOS FortiOS versions 7.4.x antérieures à 7.4.5
Fortinet FortiManager FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.4
Fortinet FortiPortal FortiPortal versions 7.2.x antérieures à 7.2.5
Fortinet FortiClient FortiClientMac versions antérieures à 7.2.5
Fortinet FortiPortal FortiPortal versions 7.0.x antérieures à 7.0.9
Fortinet FortiProxy FortiProxy versions 7.2.x antérieures à 7.2.12
Fortinet FortiSOAR FortiSOAR versions 7.4.x antérieures à 7.4.5
Fortinet FortiAnalyzer FortiAnalyzer versions 6.4.x antérieures à 6.4.15
Fortinet FortiSwitch FortiSwitch versions 6.4.x antérieures à 6.4.14
Fortinet FortiMail FortiMail versions 7.2.x antérieures à 7.2.5
Fortinet FortiManager FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.7
Fortinet FortiWeb FortiWeb versions 7.2.x antérieures à 7.2.8
Fortinet FortiSwitch FortiSwitch versions 7.2.x antérieures à 7.2.6
Fortinet FortiRecorder FortiRecorder versions 7.2.x antérieures à 7.2.2
Fortinet FortiSOAR FortiSOAR versions antérieures à 7.2.2 Security Patch 9
Fortinet FortiSwitch FortiSwitch versions 7.4.x antérieures à 7.4.1
Fortinet FortiProxy FortiProxy versions 7.0.x antérieures à 7.0.19
Fortinet FortiManager FortiManager versions 7.0.x antérieures à 7.0.13
Fortinet FortiPortal FortiPortal versions 6.0.x antérieures à 6.0.15
Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.10
Fortinet FortiProxy FortiProxy versions 2.0.x antérieures à 2.0.15
Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.1
Fortinet FortiAnalyzer FortiAnalyzer versions 7.0.x antérieures à 7.0.13
Fortinet FortiManager FortiManager versions 7.2.x antérieures à 7.2.6
Fortinet FortiSOAR FortiSOAR versions 7.5.x antérieures à 7.5.1
Fortinet FortiAP FortiAP versions 7.4.x antérieures à 7.4.3
Fortinet FortiNDR FortiNDR versions 7.4.x antérieures à 7.4.3
Fortinet FortiVoice FortiVoice versions 7.0.x antérieures à 7.0.5
Fortinet FortiAP-S FortiAP-S versions antérieures à 6.4.10
Fortinet FortiAP FortiAP versions antérieures à 7.2.4
Fortinet FortiSandbox FortiSandbox versions 4.4.x antérieures à 4.4.5
Fortinet FortiSandbox FortiSandbox versions 4.2.x antérieures à 4.2.7
Fortinet FortiSandbox FortiSandbox versions antérieures à 4.0.5
Fortinet FortiAuthenticator FortiAuthenticator versions antérieures à 6.3.3
Fortinet FortiAuthenticator FortiAuthenticator versions 6.4.x antérieures à 6.4.1
Fortinet FortiSIEM FortiSIEM versions antƩrieures Ơ 7.1.6
Fortinet FortiAnalyzer FortiAnalyzer-BigData versions 7.2.x antƩrieures Ơ 7.2.6
References
Bulletin de sécurité Fortinet FG-IR-23-258 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-458 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-061 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-405 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-285 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-165 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-494 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-220 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-221 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-078 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-282 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-373 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-106 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-250 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-189 2025-01-15 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-401 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-239 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-097 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-260 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-170 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-259 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-143 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-476 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-415 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-461 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-266 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-407 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-086 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-465 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-222 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-219 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-210 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-211 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-267 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-010 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-473 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-216 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-326 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-135 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-152 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-304 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-164 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-310 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-405 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-127 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-381 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-091 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-417 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-293 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-071 2025-01-14 vendor-advisory


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiTester versions ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiTester",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.4x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.6.1 pour la vuln\u00e9rabilit\u00e9 CVE-2024-52963",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "Connecteur IMAP pour FortiSOAR versions ant\u00e9rieures \u00e0 3.5.8",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions ant\u00e9rieures \u00e0 6.2.8",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.2.x post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.4.x post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 6.0.1",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAP-W2",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiAP-W2",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS versions ant\u00e9rieures \u00e0 5.5.1",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.2.x ant\u00e9rieures \u00e0 6.2.12",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions ant\u00e9rieures \u00e0 6.3.3",
      "product": {
        "name": "FortiDDoS-F",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions ant\u00e9rieures \u00e0 6.0.10",
      "product": {
        "name": "FortiVoiceEnterprise",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions 6.4.x ant\u00e9rieures \u00e0 6.4.4",
      "product": {
        "name": "FortiVoiceEnterprise",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLC versions 8.6.x ant\u00e9rieures \u00e0 8.6.6",
      "product": {
        "name": "FortiWLC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 6.2.x ant\u00e9rieures \u00e0 6.2.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.3.x ant\u00e9rieures \u00e0 7.3.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.14",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.2.2 Security Patch 9",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.19",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 6.0.x ant\u00e9rieures \u00e0 6.0.15",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.15",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.5.x ant\u00e9rieures \u00e0 7.5.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-S versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiAP-S",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiAP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.0.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.3.3",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions 6.4.x ant\u00e9rieures \u00e0 6.4.1",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.1.6",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-45326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45326"
    },
    {
      "name": "CVE-2023-37931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37931"
    },
    {
      "name": "CVE-2024-32115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32115"
    },
    {
      "name": "CVE-2023-42786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42786"
    },
    {
      "name": "CVE-2024-35280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35280"
    },
    {
      "name": "CVE-2024-35273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35273"
    },
    {
      "name": "CVE-2024-48884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48884"
    },
    {
      "name": "CVE-2024-46666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46666"
    },
    {
      "name": "CVE-2022-23439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23439"
    },
    {
      "name": "CVE-2024-47571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47571"
    },
    {
      "name": "CVE-2024-35275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35275"
    },
    {
      "name": "CVE-2024-47573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47573"
    },
    {
      "name": "CVE-2024-52963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52963"
    },
    {
      "name": "CVE-2023-37937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37937"
    },
    {
      "name": "CVE-2024-33503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33503"
    },
    {
      "name": "CVE-2024-55593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55593"
    },
    {
      "name": "CVE-2024-48885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48885"
    },
    {
      "name": "CVE-2024-46662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46662"
    },
    {
      "name": "CVE-2024-27778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27778"
    },
    {
      "name": "CVE-2024-48893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48893"
    },
    {
      "name": "CVE-2024-47566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47566"
    },
    {
      "name": "CVE-2024-52969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52969"
    },
    {
      "name": "CVE-2024-35276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35276"
    },
    {
      "name": "CVE-2024-40587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40587"
    },
    {
      "name": "CVE-2024-36512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36512"
    },
    {
      "name": "CVE-2023-46715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46715"
    },
    {
      "name": "CVE-2024-36510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36510"
    },
    {
      "name": "CVE-2024-56497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56497"
    },
    {
      "name": "CVE-2024-46665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46665"
    },
    {
      "name": "CVE-2024-48890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48890"
    },
    {
      "name": "CVE-2024-21758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21758"
    },
    {
      "name": "CVE-2024-52967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52967"
    },
    {
      "name": "CVE-2023-37936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37936"
    },
    {
      "name": "CVE-2024-46668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46668"
    },
    {
      "name": "CVE-2024-35278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35278"
    },
    {
      "name": "CVE-2024-26012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26012"
    },
    {
      "name": "CVE-2024-46664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46664"
    },
    {
      "name": "CVE-2024-23106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23106"
    },
    {
      "name": "CVE-2024-54021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54021"
    },
    {
      "name": "CVE-2024-46669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46669"
    },
    {
      "name": "CVE-2023-5217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5217"
    },
    {
      "name": "CVE-2023-42785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42785"
    },
    {
      "name": "CVE-2024-36504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36504"
    },
    {
      "name": "CVE-2024-35277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35277"
    },
    {
      "name": "CVE-2023-4863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
    },
    {
      "name": "CVE-2024-48886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48886"
    },
    {
      "name": "CVE-2024-50564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50564"
    },
    {
      "name": "CVE-2024-33502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33502"
    },
    {
      "name": "CVE-2024-45331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45331"
    },
    {
      "name": "CVE-2024-50563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50563"
    },
    {
      "name": "CVE-2024-36506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36506"
    },
    {
      "name": "CVE-2024-46667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46667"
    },
    {
      "name": "CVE-2024-46670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46670"
    },
    {
      "name": "CVE-2024-47572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47572"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0031",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-258",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-258"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-458",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-458"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-061",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-061"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-405",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-405"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-285",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-285"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-165",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-165"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-494",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-494"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-220",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-220"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-221",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-221"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-078",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-078"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-282",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-282"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-373",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-373"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-106",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-106"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-250",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-250"
    },
    {
      "published_at": "2025-01-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-189",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-189"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-401",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-401"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-239",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-239"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-097",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-097"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-260",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-260"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-170",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-170"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-259",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-259"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-143",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-143"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-476",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-476"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-415",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-415"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-461",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-461"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-266",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-266"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-407",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-407"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-086",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-086"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-465",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-465"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-222",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-222"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-219",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-219"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-210",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-210"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-211",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-211"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-267",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-267"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-010",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-010"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-473",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-473"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-216",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-216"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-326",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-326"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-135",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-135"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-152",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-152"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-304",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-304"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-164",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-164"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-310",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-310"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-405",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-405"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-127",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-127"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-381",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-381"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-091",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-091"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-417",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-417"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-293",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-293"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-071",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-071"
    }
  ]
}

CERTFR-2023-AVI-0304

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Fortinet FortiADC FortiADC versions 5.x à 7.0.x antérieures à 7.0.4
Fortinet FortiSandbox FortiSandbox versions 4.2.x antérieures à 4.2.3
Fortinet FortiSandbox FortiSandbox versions 3.x antérieures à 3.2.4
Fortinet FortiADC FortiADC versions 7.1.x antérieures à 7.1.2
Fortinet FortiNAC FortiNAC versions 8.x à 9.x antérieures à 9.4.2
Fortinet FortiSandbox FortiSandbox versions 4.0.x antérieures à 4.0.3
Fortinet FortiNAC FortiNAC-F versions antérieures à 7.2.0
Fortinet FortiWeb FortiWeb versions antérieures à 6.3.22
Fortinet FortiManager FortiManager versions 7.2.x antérieures à 7.2.2
Fortinet FortiWeb FortiWeb versions 7.0.x antérieures à 7.0.4
Fortinet FortiManager FortiManager versions 7.0.x antérieures à 7.0.6
Fortinet FortiDDoS FortiDDoS-F versions 6.2.x antérieures à 6.2.3
Fortinet FortiOS FortiOS versions 6.x antérieures à 6.4.13
Fortinet FortiAnalyzer FortiAnalyzer versions 7.2.x antérieures à 7.2.2
Fortinet FortiProxy FortiProxy versions antérieures à 7.0.9
Fortinet FortiOS FortiOS versions 7.0.x antérieures à 7.0.11
Fortinet FortiDDoS FortiDDoS-F versions 6.1.x antérieures à 6.1.5
Fortinet FortiDDoS FortiDDoS-F versions 6.3.x antérieures à 6.3.4
Fortinet FortiDDoS FortiDDoS-F versions 6.4.x antérieures à 6.4.1
Fortinet N/A FortiPresence versions antérieures à 2.0.0
Fortinet FortiDeceptor FortiDeceptor versions antérieures à 3.3.3
Fortinet FortiAnalyzer FortiAnalyzer versions 7.0.x antérieures à 7.0.7
Fortinet FortiSIEM FortiSIEM versions antérieures à 6.4.1
Fortinet N/A FortiAuthenticator versions 6.4.x antérieures à 6.4.7
Fortinet N/A FortiAuthenticator versions 6.1.x à 6.3.x antérieures à 6.3.4
Fortinet FortiDeceptor FortiDeceptor versions 4.1.x antérieures à 4.1.1
Fortinet FortiProxy FortiProxy versions 7.2.x antérieures à 7.2.3
Fortinet N/A FortiClientMac versions 6.x à 7.x antérieures à 7.0.8
Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.4
Fortinet FortiDeceptor FortiDeceptor versions 4.0.x antérieures à 4.0.2
Fortinet FortiSOAR FortiSOAR versions 7.3.x antérieures à 7.3.2
Fortinet FortiAnalyzer FortiAnalyzer versions 6.4.8 à 6.4.x antérieures à 6.4.11
Fortinet FortiDDoS FortiDDoS versions 4.x à 5.x antérieures à 5.7.0
Fortinet FortiManager FortiManager versions 6.4.8 à 6.4.x antérieures à 6.4.11
Fortinet N/A FortiClientWindows versions 6.x à 7.x antérieures à 7.0.8
References
Bulletin de sécurité FG-IR-22-428 du 11 avril 2023 None vendor-advisory
Bulletin de sécurité FG-IR-22-479 du 11 avril 2023 None vendor-advisory
Bulletin de sécurité FG-IR-22-502 du 11 avril 2023 None vendor-advisory
Bulletin de sécurité FG-IR-22-363 du 11 avril 2023 None vendor-advisory
Bulletin de sécurité FG-IR-22-429 du 11 avril 2023 None vendor-advisory
Bulletin de sécurité FG-IR-22-186 du 11 avril 2023 None vendor-advisory
Bulletin de sécurité FG-IR-22-432 du 11 avril 2023 None vendor-advisory
Bulletin de sécurité FG-IR-23-051 du 11 avril 2023 None vendor-advisory
Bulletin de sécurité FG-IR-22-056 du 11 avril 2023 None vendor-advisory
Bulletin de sécurité FG-IR-22-409 du 11 avril 2023 None vendor-advisory
Bulletin de sécurité FG-IR-22-355 du 11 avril 2023 None vendor-advisory
Bulletin de sécurité FG-IR-22-060 du 11 avril 2023 None vendor-advisory
Bulletin de sécurité FG-IR-22-481 du 11 avril 2023 None vendor-advisory
Bulletin de sécurité FG-IR-22-335 du 11 avril 2023 None vendor-advisory
Bulletin de sécurité FG-IR-22-050 du 11 avril 2023 None vendor-advisory
Bulletin de sécurité FG-IR-22-439 du 11 avril 2023 None vendor-advisory
Bulletin de sécurité FG-IR-22-444 du 11 avril 2023 None vendor-advisory
Bulletin de sécurité FG-IR-22-320 du 11 avril 2023 None vendor-advisory
Bulletin de sécurité FG-IR-22-381 du 11 avril 2023 None vendor-advisory
Bulletin de sécurité FG-IR-22-336 du 11 avril 2023 None vendor-advisory
Bulletin de sécurité FG-IR-22-275 du 11 avril 2023 None vendor-advisory


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiADC versions 5.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.3",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 3.x ant\u00e9rieures \u00e0 3.2.4",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 8.x \u00e0 9.x ant\u00e9rieures \u00e0 9.4.2",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.0.x ant\u00e9rieures \u00e0 4.0.3",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC-F versions ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 6.3.22",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions 6.2.x ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.x ant\u00e9rieures \u00e0 6.4.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions 6.1.x ant\u00e9rieures \u00e0 6.1.5",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions 6.3.x ant\u00e9rieures \u00e0 6.3.4",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions 6.4.x ant\u00e9rieures \u00e0 6.4.1",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPresence versions ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 3.3.3",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.4.1",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions 6.1.x \u00e0 6.3.x ant\u00e9rieures \u00e0 6.3.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions 4.1.x ant\u00e9rieures \u00e0 4.1.1",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 6.x \u00e0 7.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions 4.0.x ant\u00e9rieures \u00e0 4.0.2",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.3.x ant\u00e9rieures \u00e0 7.3.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.8 \u00e0 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS versions 4.x \u00e0 5.x ant\u00e9rieures \u00e0 5.7.0",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.8 \u00e0 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 6.x \u00e0 7.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-35850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35850"
    },
    {
      "name": "CVE-2022-40679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40679"
    },
    {
      "name": "CVE-2022-43946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43946"
    },
    {
      "name": "CVE-2022-43952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43952"
    },
    {
      "name": "CVE-2022-27487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27487"
    },
    {
      "name": "CVE-2023-27995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27995"
    },
    {
      "name": "CVE-2023-22641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22641"
    },
    {
      "name": "CVE-2022-40682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40682"
    },
    {
      "name": "CVE-2022-43947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43947"
    },
    {
      "name": "CVE-2022-0847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
    },
    {
      "name": "CVE-2023-22642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22642"
    },
    {
      "name": "CVE-2022-27485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27485"
    },
    {
      "name": "CVE-2022-42469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42469"
    },
    {
      "name": "CVE-2022-42470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42470"
    },
    {
      "name": "CVE-2022-43951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43951"
    },
    {
      "name": "CVE-2022-41331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41331"
    },
    {
      "name": "CVE-2022-42477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42477"
    },
    {
      "name": "CVE-2022-41330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41330"
    },
    {
      "name": "CVE-2022-43948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43948"
    },
    {
      "name": "CVE-2022-43955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43955"
    },
    {
      "name": "CVE-2023-22635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22635"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0304",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-04-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-428 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-428"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-479 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-479"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-502 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-502"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-363 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-363"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-429 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-429"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-186 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-186"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-432 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-432"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-051 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-051"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-056 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-056"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-409 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-409"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-355 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-355"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-060 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-060"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-481 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-481"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-335 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-335"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-050 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-050"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-439 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-439"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-444 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-444"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-320 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-320"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-381 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-381"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-336 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-336"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-275 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-275"
    }
  ]
}

CERTFR-2023-AVI-0199

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une injection de code indirecte à distance (XSS), un contournement de la politique de sécurité, un déni de service à distance, une élévation de privilèges, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Fortinet FortiManager FortiManager versions 6.0.x antérieures à 6.0.5
Fortinet FortiWeb FortiWeb versions 7.0.x antérieures à 7.0.3
Fortinet FortiSwitch FortiSwitch versions 7.0.x antérieures à 7.0.5
Fortinet FortiRecorder FortiRecorder versions antérieures à 7.0.0
Fortinet FortiPortal FortiPortal versions 6.0.x antérieures à 6.0.10
Fortinet FortiWeb FortiWeb versions 6.4.x antérieures à 6.4.2
Fortinet FortiMail FortiMail versions 6.0.x antérieures à 6.0.10
Fortinet FortiSwitch FortiSwitch versions 6.4.x antérieures à 6.4.11
Fortinet FortiAnalyzer FortiAnalyzer versions 6.0.x antérieures à 6.0.5
Fortinet FortiNAC FortiNAC versions 9.2.x antérieures à 9.2.7
Fortinet FortiOS FortiOS versions antérieures à 7.4.0
Fortinet FortiOS FortiOS versions 6.2.x antérieures à 6.2.13
Fortinet FortiWeb FortiWeb versions 6.3.x antérieures à 6.3.21
Fortinet FortiNAC FortiNAC versions 9.4.x antérieures à 9.4.2
Fortinet FortiAnalyzer FortiAnalyzer versions 6.2.x antérieures à 6.2.0
Fortinet FortiMail FortiMail versions 6.2.x antérieures à 6.2.5
Fortinet N/A FortiAuthenticator versions antérieures à 6.5.0
Fortinet FortiAnalyzer FortiAnalyzer versions 7.2.x antérieures à 7.2.2
Fortinet FortiRecorder FortiRecorder versions 6.4.x antérieures à 6.4.4
Fortinet FortiOS FortiOS-6K7K versions 6.2.x antérieures à 6.2.13
Fortinet FortiAnalyzer FortiAnalyzer versions 6.4.x antérieures à 6.4.11
Fortinet FortiProxy FortiProxy versions 7.0.x antérieures à 7.0.9
Fortinet FortiMail FortiMail versions 6.4.x antérieures à 6.4.1
Fortinet FortiAnalyzer FortiAnalyzer versions 7.0.x antérieures à 7.0.6
Fortinet FortiWeb FortiWeb versions antérieures à 7.2.0
Fortinet FortiOS FortiOS-6K7K versions 6.4.x antérieures à 6.4.12
Fortinet FortiOS FortiOS-6K7K versions 7.0.x antérieures à 7.0.10
Fortinet FortiProxy FortiProxy versions 7.2.x antérieures à 7.2.3
Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.4
Fortinet FortiRecorder FortiRecorder versions 6.0.x antérieures à 6.0.12
Fortinet FortiNAC FortiNAC versions antérieures à 7.2.0
Fortinet FortiDeceptor FortiDeceptor versions antérieures à 3.2.0
Fortinet FortiManager FortiManager versions antérieures à 6.2.0
Fortinet FortiSOAR FortiSOAR versions 7.3.x antérieures à 7.3.2
Fortinet FortiProxy FortiProxy versions 2.0.x antérieures à 2.0.12
Fortinet FortiOS FortiOS versions 6.4.x antérieures à 6.4.12
Fortinet FortiNAC FortiNAC versions 9.1.x antérieures à 9.1.9
Fortinet FortiOS FortiOS versions 7.0.x antérieures à 7.0.10


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiManager versions 6.0.x ant\u00e9rieures \u00e0 6.0.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.0",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 6.0.x ant\u00e9rieures \u00e0 6.0.10",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 6.4.x ant\u00e9rieures \u00e0 6.4.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.0.x ant\u00e9rieures \u00e0 6.0.10",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.0.x ant\u00e9rieures \u00e0 6.0.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.7",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 6.3.x ant\u00e9rieures \u00e0 6.3.21",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.4.x ant\u00e9rieures \u00e0 9.4.2",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.2.x ant\u00e9rieures \u00e0 6.2.0",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.2.x ant\u00e9rieures \u00e0 6.2.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.4",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.2.x ant\u00e9rieures \u00e0 6.2.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.1",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 3.2.0",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 6.2.0",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.3.x ant\u00e9rieures \u00e0 7.3.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.12",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.1.x ant\u00e9rieures \u00e0 9.1.9",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-29056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29056"
    },
    {
      "name": "CVE-2022-41329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41329"
    },
    {
      "name": "CVE-2022-41328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41328"
    },
    {
      "name": "CVE-2022-27490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27490"
    },
    {
      "name": "CVE-2022-41333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41333"
    },
    {
      "name": "CVE-2023-25611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25611"
    },
    {
      "name": "CVE-2022-39953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39953"
    },
    {
      "name": "CVE-2023-23776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23776"
    },
    {
      "name": "CVE-2022-42476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42476"
    },
    {
      "name": "CVE-2022-22297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22297"
    },
    {
      "name": "CVE-2022-39951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39951"
    },
    {
      "name": "CVE-2022-45861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45861"
    },
    {
      "name": "CVE-2022-40676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40676"
    },
    {
      "name": "CVE-2023-25605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25605"
    },
    {
      "name": "CVE-2023-25610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25610"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0199",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-08T00:00:00.000000"
    },
    {
      "description": "Correction mineure dans la partie r\u00e9sum\u00e9",
      "revision_date": "2023-03-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eFortinet\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une injection de\ncode indirecte \u00e0 distance (XSS), un contournement de la politique de\ns\u00e9curit\u00e9, un d\u00e9ni de service \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges,\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-078 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-078"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-447 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-447"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-488 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-488"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-369 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-369"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-477 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-477"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-254 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-254"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-388 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-388"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-401 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-401"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-050 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-050"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-281 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-281"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-001 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-001"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-218 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-218"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-18-232 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-18-232"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-309 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-309"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-364 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-364"
    }
  ]
}

CERTFR-2022-AVI-1081

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Fortinet FortiDeceptor FortiDeceptor versions 3.x
Fortinet FortiSandbox FortiSandbox versions 3.x
Fortinet FortiADC FortiADC versions 7.1.x antérieures à 7.1.1
Fortinet FortiSandbox FortiSandbox versions 4.x antérieures à 4.2.1
Fortinet FortiOS FortiOS versions 6.x antérieures à 6.4.10
Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.2
Fortinet FortiADC FortiADC versions 7.0.x antérieures à 7.0.3
Fortinet FortiDeceptor FortiDeceptor versions 4.x antérieures à 4.3.0
Fortinet FortiProxy FortiProxy versions 2.x antérieures à 2.0.11
Fortinet FortiProxy FortiProxy versions 1.x
Fortinet FortiADC FortiADC versions 6.x antérieures à 6.2.5
Fortinet FortiADC FortiADC versions 5.x
Fortinet FortiSOAR FortiSOAR versions 7.x antérieures à 7.2.1
Fortinet FortiOS FortiOS versions 7.0.x antérieures à 7.0.8
Fortinet FortiProxy FortiProxy versions 7.x antérieures à 7.0.7


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiDeceptor versions 3.x",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 3.x",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.x ant\u00e9rieures \u00e0 4.2.1",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.x ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions 4.x ant\u00e9rieures \u00e0 4.3.0",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.x ant\u00e9rieures \u00e0 2.0.11",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 1.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 6.x ant\u00e9rieures \u00e0 6.2.5",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 5.x",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-35843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35843"
    },
    {
      "name": "CVE-2022-30305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30305"
    },
    {
      "name": "CVE-2022-33876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33876"
    },
    {
      "name": "CVE-2022-40680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40680"
    },
    {
      "name": "CVE-2022-38379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38379"
    },
    {
      "name": "CVE-2022-33875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33875"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-1081",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-12-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-248 du 06 d\u00e9cembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-248"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-252 du 06 d\u00e9cembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-252"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-253 du 06 d\u00e9cembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-253"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-255 du 06 d\u00e9cembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-255"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-170 du 06 d\u00e9cembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-170"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-220 du 06 d\u00e9cembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-220"
    }
  ]
}

VAR-202101-0502

Vulnerability from variot - Updated: 2023-12-18 13:47

An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page. Fortinet FortiDeceptor is a network threat detection platform developed by Fortinet. The platform mainly exposes cyber threats through deception techniques.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0502",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.0.1"
      },
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.1.0"
      },
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.0.0"
      },
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "3.0.0"
      },
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "3.0.1"
      },
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "3.1.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015416"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-29017"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:3.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-29017"
      }
    ]
  },
  "cve": "CVE-2020-29017",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2020-29017",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "VHN-375144",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-29017",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-29017",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-375144",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-375144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015416"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-29017"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page. Fortinet FortiDeceptor is a network threat detection platform developed by Fortinet. The platform mainly exposes cyber threats, etc. through deception techniques",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-29017"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015416"
      },
      {
        "db": "VULHUB",
        "id": "VHN-375144"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-29017",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015416",
        "trust": 0.8
      },
      {
        "db": "VULHUB",
        "id": "VHN-375144",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-375144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015416"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-29017"
      }
    ]
  },
  "id": "VAR-202101-0502",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-375144"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:47:15.145000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-20-177",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/fg-ir-20-177"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015416"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.1
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-375144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015416"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-29017"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.1,
        "url": "https://www.fortiguard.com/psirt/fg-ir-20-177"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29017"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-375144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015416"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-29017"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-375144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015416"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-29017"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-01-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-375144"
      },
      {
        "date": "2021-09-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-015416"
      },
      {
        "date": "2021-01-14T16:15:18.070000",
        "db": "NVD",
        "id": "CVE-2020-29017"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-01-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-375144"
      },
      {
        "date": "2021-09-22T06:11:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-015416"
      },
      {
        "date": "2021-01-20T20:58:37.917000",
        "db": "NVD",
        "id": "CVE-2020-29017"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiDeceptor\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015416"
      }
    ],
    "trust": 0.8
  }
}

VAR-202304-0939

Vulnerability from variot - Updated: 2023-12-18 13:31

An improper privilege management vulnerability in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests. Fortinet's FortiDeceptor and FortiSandbox contain a privilege management vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Note: the CPE configuration in the record below marks FortiSandbox from 2.5.0 up to, but not including, 3.2.4 as vulnerable, which would include 3.2.3; confirm the fixed release against the vendor advisory FG-IR-22-056.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202304-0939",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortisandbox",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.2.3"
      },
      {
        "model": "fortideceptor",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.0.0"
      },
      {
        "model": "fortideceptor",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "1.0"
      },
      {
        "model": "fortideceptor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.0.2"
      },
      {
        "model": "fortisandbox",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.0.3"
      },
      {
        "model": "fortisandbox",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.0.0"
      },
      {
        "model": "fortideceptor",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.3.3"
      },
      {
        "model": "fortisandbox",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "2.5.0"
      },
      {
        "model": "fortisandbox",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.2.4"
      },
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.1.0"
      },
      {
        "model": "fortisandbox",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.2.0"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "4.2.0  that\u0027s all  4.2.3"
      },
      {
        "model": "fortideceptor",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "2.5.0  that\u0027s all  3.2.4"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "4.0.0  that\u0027s all  4.0.3"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022451"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27487"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.0.2",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.0.3",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.2.4",
                "versionStartIncluding": "2.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.2.3",
                "versionStartIncluding": "4.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.3.3",
                "versionStartIncluding": "1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-27487"
      }
    ]
  },
  "cve": "CVE-2022-27487",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-27487",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-27487",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2022-27487",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202304-782",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022451"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27487"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-782"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests. fortinet\u0027s FortiDeceptor and FortiSandbox Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-27487"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022451"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-27487",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022451",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-782",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022451"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-782"
      }
    ]
  },
  "id": "VAR-202304-0939",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.37698412
  },
  "last_update_date": "2023-12-18T13:31:32.587000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-22-056",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/fg-ir-22-056"
      },
      {
        "title": "Fortinet FortiSandbox Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=234195"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022451"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-782"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.0
      },
      {
        "problemtype": "Improper authority management (CWE-269) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022451"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27487"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://fortiguard.com/psirt/fg-ir-22-056"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27487"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-27487/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022451"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-782"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022451"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-782"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-022451"
      },
      {
        "date": "2023-04-11T17:15:07.193000",
        "db": "NVD",
        "id": "CVE-2022-27487"
      },
      {
        "date": "2023-04-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202304-782"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-17T05:34:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-022451"
      },
      {
        "date": "2023-11-07T03:45:20.453000",
        "db": "NVD",
        "id": "CVE-2022-27487"
      },
      {
        "date": "2023-04-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202304-782"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-782"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "fortinet\u0027s \u00a0FortiDeceptor\u00a0 and \u00a0FortiSandbox\u00a0 Vulnerability in privilege management in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022451"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202304-782"
      }
    ],
    "trust": 0.6
  }
}

VAR-202211-0112

Vulnerability from variot - Updated: 2023-12-18 13:22

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross-site scripting (XSS) attack by sending requests with a specially crafted lure resource ID. The record below carries two CVSS 3.1 assessments that differ: NVD scores it 5.4 (MEDIUM), while psirt@fortinet.com scores it 8.0 (HIGH).


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202211-0112",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.2.0"
      },
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.1.0"
      },
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.0.2"
      },
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.1.1"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-38373"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:4.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-38373"
      }
    ]
  },
  "cve": "CVE-2022-38373",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.1,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-38373",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2022-38373",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202211-1918",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-38373"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38373"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-1918"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-38373"
      },
      {
        "db": "VULHUB",
        "id": "VHN-434167"
      }
    ],
    "trust": 0.99
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-38373",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-1918",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-434167",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-434167"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38373"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-1918"
      }
    ]
  },
  "id": "VAR-202211-0112",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-434167"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:22:08.919000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Fortinet FortiDeceptor Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=213035"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-1918"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-434167"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38373"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/psirt/fg-ir-22-331"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-38373/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-434167"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38373"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-1918"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-434167"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38373"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-1918"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-11-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-434167"
      },
      {
        "date": "2022-11-02T12:15:54.067000",
        "db": "NVD",
        "id": "CVE-2022-38373"
      },
      {
        "date": "2022-11-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202211-1918"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-11-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-434167"
      },
      {
        "date": "2022-11-03T13:51:59.737000",
        "db": "NVD",
        "id": "CVE-2022-38373"
      },
      {
        "date": "2022-11-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202211-1918"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-1918"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiDeceptor Cross-site scripting vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-1918"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-1918"
      }
    ],
    "trust": 0.6
  }
}

VAR-202212-0577

Vulnerability from variot - Updated: 2023-12-18 12:41

An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2, 3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts. Fortinet's FortiDeceptor and FortiSandbox contain an unspecified vulnerability. Information may be tampered with. Note that the record below lists the NVD classification as CWE-307 (excessive authentication attempts) rather than CWE-778, and that its NVD and vendor CVSS 3.1 scores differ (7.5 HIGH versus 3.7 LOW).


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202212-0577",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortideceptor",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.0.0"
      },
      {
        "model": "fortideceptor",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.2.0"
      },
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.2.0"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.2.1"
      },
      {
        "model": "fortisandbox",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.0.0"
      },
      {
        "model": "fortideceptor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.2.2"
      },
      {
        "model": "fortideceptor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.0.2"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.2.2"
      },
      {
        "model": "fortisandbox",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.1.0"
      },
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.1.0"
      },
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.1.1"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.2.3"
      },
      {
        "model": "fortideceptor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.0.2"
      },
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.1.0"
      },
      {
        "model": "fortisandbox",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.1.5"
      },
      {
        "model": "fortideceptor",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.0.0"
      },
      {
        "model": "fortisandbox",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.0.2"
      },
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.1.1"
      },
      {
        "model": "fortideceptor",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.3.0"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.2.0"
      },
      {
        "model": "fortideceptor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.3.3"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "3.1.0  to  3.1.5"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "4.0.0  to  4.0.2"
      },
      {
        "model": "fortideceptor",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "3.2.3"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "3.2.1"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "3.2.0"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "3.2.2"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023339"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30305"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:3.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortisandbox:3.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortisandbox:3.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortisandbox:3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:4.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.2",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.2.2",
                "versionStartIncluding": "3.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.3.3",
                "versionStartIncluding": "3.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.0.2",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.1.5",
                "versionStartIncluding": "3.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortisandbox:3.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.0.2",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-30305"
      }
    ]
  },
  "cve": "CVE-2022-30305",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2022-30305",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-30305",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2022-30305",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202212-2592",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023339"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30305"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30305"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2592"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2  may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts. fortinet\u0027s FortiDeceptor and FortiSandbox Exists in unspecified vulnerabilities.Information may be tampered with",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-30305"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023339"
      },
      {
        "db": "VULHUB",
        "id": "VHN-421799"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-30305",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023339",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2592",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-421799",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-421799"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023339"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30305"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2592"
      }
    ]
  },
  "id": "VAR-202212-0577",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-421799"
      }
    ],
    "trust": 0.47698412
  },
  "last_update_date": "2023-12-18T12:41:32.068000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-21-170",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/fg-ir-21-170"
      },
      {
        "title": "Fortinet FortiSandbox Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=216882"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023339"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2592"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-307",
        "trust": 1.0
      },
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "Inappropriate limitation of excessive authentication attempts (CWE-307) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " others (CWE-Other) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023339"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30305"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/psirt/fg-ir-21-170"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30305"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-30305/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-421799"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023339"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30305"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2592"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-421799"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023339"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30305"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2592"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-421799"
      },
      {
        "date": "2023-11-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-023339"
      },
      {
        "date": "2022-12-06T17:15:10.660000",
        "db": "NVD",
        "id": "CVE-2022-30305"
      },
      {
        "date": "2022-12-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202212-2592"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-421799"
      },
      {
        "date": "2023-11-28T06:40:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-023339"
      },
      {
        "date": "2023-11-07T03:47:13.550000",
        "db": "NVD",
        "id": "CVE-2022-30305"
      },
      {
        "date": "2022-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202212-2592"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2592"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "fortinet\u0027s \u00a0FortiDeceptor\u00a0 and \u00a0FortiSandbox\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023339"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2592"
      }
    ],
    "trust": 0.6
  }
}

VAR-202006-1684

Vulnerability from variot - Updated: 2023-12-18 12:35

An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks. FortiDeceptor contains an insufficient session expiration vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiDeceptor is a network threat detection platform developed by Fortinet. The platform mainly exposes cyber threats through deception techniques. There is a security vulnerability in Fortinet FortiDeceptor 3.0.0 and earlier versions. The vulnerability is caused by the session ID not expiring after the user logs out of the program.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1684",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortideceptor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.0.0"
      },
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "3.0.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007087"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6644"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-6644"
      }
    ]
  },
  "cve": "CVE-2020-6644",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-007087",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-184769",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-6644",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.1,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-007087",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-6644",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-007087",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-1542",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-184769",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-6644",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-184769"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-6644"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007087"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1542"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks. FortiDeceptor contains an insufficient session expiration vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiDeceptor is a network threat detection platform developed by Fortinet. The platform mainly exposes cyber threats and the like through deception techniques. There is a security vulnerability in Fortinet FortiDeceptor 3.0.0 and earlier versions. The vulnerability is caused by the session ID not expiring after logout.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-6644"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007087"
      },
      {
        "db": "VULHUB",
        "id": "VHN-184769"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-6644"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-6644",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007087",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1542",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "46971",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2169",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-184769",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-6644",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-184769"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-6644"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007087"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1542"
      }
    ]
  },
  "id": "VAR-202006-1684",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-184769"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:35:28.848000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-20-006",
        "trust": 0.8,
        "url": "https://fortiguard.com/advisory/fg-ir-20-006"
      },
      {
        "title": "Fortinet FortiDeceptor Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=122766"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007087"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1542"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-613",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-184769"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007087"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6644"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/advisory/fg-ir-20-006"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6644"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6644"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/46971"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2169/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/613.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183784"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-184769"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-6644"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007087"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1542"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-184769"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-6644"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007087"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1542"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-184769"
      },
      {
        "date": "2020-06-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-6644"
      },
      {
        "date": "2020-07-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-007087"
      },
      {
        "date": "2020-06-22T16:15:12.057000",
        "db": "NVD",
        "id": "CVE-2020-6644"
      },
      {
        "date": "2020-06-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1542"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-184769"
      },
      {
        "date": "2020-06-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-6644"
      },
      {
        "date": "2020-07-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-007087"
      },
      {
        "date": "2020-06-29T01:20:04.167000",
        "db": "NVD",
        "id": "CVE-2020-6644"
      },
      {
        "date": "2020-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1542"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1542"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Insufficient session expiration vulnerability in FortiDeceptor",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007087"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1542"
      }
    ],
    "trust": 0.6
  }
}

VAR-202207-0147

Vulnerability from variot - Updated: 2023-12-18 12:26

Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests. A path traversal vulnerability exists in the FortiDeceptor management interface. Information may be tampered with, and service operation may be interrupted (DoS). Fortinet FortiDeceptor is a network threat detection platform developed by Fortinet. The platform mainly exposes cyber threats and the like through deception techniques.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0147",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortideceptor",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "1.0.0"
      },
      {
        "model": "fortideceptor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.2.2"
      },
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.0.0"
      },
      {
        "model": "fortideceptor",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.3.0"
      },
      {
        "model": "fortideceptor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.3.2"
      },
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.0.1"
      },
      {
        "model": "fortideceptor",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortideceptor",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015693"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30302"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.2.2",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.3.2",
                "versionStartIncluding": "3.3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-30302"
      }
    ]
  },
  "cve": "CVE-2022-30302",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.1,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2022-30302",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-30302",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2022-30302",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202207-385",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015693"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30302"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30302"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-385"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests. A path traversal vulnerability exists in the FortiDeceptor management interface. Information may be tampered with, and service operation may be interrupted (DoS). Fortinet FortiDeceptor is a network threat detection platform developed by Fortinet. The platform mainly exposes cyber threats and the like through deception techniques.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-30302"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015693"
      },
      {
        "db": "VULHUB",
        "id": "VHN-421796"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-30302"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-30302",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015693",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-385",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022070534",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-421796",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-30302",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-421796"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-30302"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015693"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30302"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-385"
      }
    ]
  },
  "id": "VAR-202207-0147",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-421796"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:26:04.827000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-21-213",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/fg-ir-21-213"
      },
      {
        "title": "Fortinet FortiDeceptor Repair measures for path traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=201663"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015693"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-385"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.1
      },
      {
        "problemtype": "Path traversal (CWE-22) [NVD evaluation]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-421796"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015693"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30302"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/psirt/fg-ir-21-213"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30302"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022070534"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-30302/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-421796"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-30302"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015693"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30302"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-385"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-421796"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-30302"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015693"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30302"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-385"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-421796"
      },
      {
        "date": "2022-07-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-30302"
      },
      {
        "date": "2023-09-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-015693"
      },
      {
        "date": "2022-07-19T14:15:08.820000",
        "db": "NVD",
        "id": "CVE-2022-30302"
      },
      {
        "date": "2022-07-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-385"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-421796"
      },
      {
        "date": "2022-07-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-30302"
      },
      {
        "date": "2023-09-28T07:43:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-015693"
      },
      {
        "date": "2022-07-27T12:18:30.117000",
        "db": "NVD",
        "id": "CVE-2022-30302"
      },
      {
        "date": "2022-07-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-385"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-385"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiDeceptor Path traversal vulnerability in management interface",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015693"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-385"
      }
    ],
    "trust": 0.6
  }
}