cvelistv5 - cve-2015-1459

CVE-2015-1459 (GCVE-0-2015-1459)

Vulnerability from cvelistv5 – Published: 2015-02-03 16:00 – Updated: 2024-08-06 04:40

Summary

Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/62836	third-party-advisoryx_refsource_SECUNIA
	http://packetstormsecurity.com/files/130156/Forti…	x_refsource_MISC
	http://www.securityfocus.com/bid/72378	vdb-entryx_refsource_BID
	http://www.fortiguard.com/advisory/FG-IR-15-003/	x_refsource_CONFIRM
	http://www.security-assessment.com/files/document…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:40:18.798Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "fortinetfortiauthenticator-scep-xss(100561)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100561"
          },
          {
            "name": "62836",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62836"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html"
          },
          {
            "name": "72378",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72378"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/FG-IR-15-003/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "fortinetfortiauthenticator-scep-xss(100561)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100561"
        },
        {
          "name": "62836",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62836"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html"
        },
        {
          "name": "72378",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72378"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fortiguard.com/advisory/FG-IR-15-003/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-1459",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "fortinetfortiauthenticator-scep-xss(100561)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100561"
            },
            {
              "name": "62836",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62836"
            },
            {
              "name": "http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html"
            },
            {
              "name": "72378",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72378"
            },
            {
              "name": "http://www.fortiguard.com/advisory/FG-IR-15-003/",
              "refsource": "CONFIRM",
              "url": "http://www.fortiguard.com/advisory/FG-IR-15-003/"
            },
            {
              "name": "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf",
              "refsource": "MISC",
              "url": "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-1459",
    "datePublished": "2015-02-03T16:00:00",
    "dateReserved": "2015-02-03T00:00:00",
    "dateUpdated": "2024-08-06T04:40:18.798Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiauthenticator:3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69679596-58BA-4C9B-A56E-E3B0FA03E26C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de XSS en Fortinet FortiAuthenticator 3.0.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\\u00e9s del par\\u00e1metro operation en cert/scep/.\"}]",
      "id": "CVE-2015-1459",
      "lastModified": "2024-11-21T02:25:28.380",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2015-02-03T16:59:31.030",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/62836\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.fortiguard.com/advisory/FG-IR-15-003/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/bid/72378\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/100561\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/62836\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.fortiguard.com/advisory/FG-IR-15-003/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/bid/72378\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/100561\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-1459\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-02-03T16:59:31.030\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de XSS en Fortinet FortiAuthenticator 3.0.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro operation en cert/scep/.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiauthenticator:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69679596-58BA-4C9B-A56E-E3B0FA03E26C\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/62836\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.fortiguard.com/advisory/FG-IR-15-003/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/72378\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/100561\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/62836\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.fortiguard.com/advisory/FG-IR-15-003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/72378\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/100561\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CNVD-2015-01109

Vulnerability from cnvd - Published: 2015-02-12

Title

Fortinet FortiAuthenticator跨站脚本漏洞

Description

Fortinet FortiAuthenticator是对FortiToken™双因子认证令牌进行安全的远程访问的识别与对接的系列安全认证的解决方案。 Fortinet FortiAuthenticator 3.0.0存在跨站脚本漏洞，允许远程攻击者通过操作参数对 cert/scep /注入任意web脚本或HTML。

Severity

中

Formal description

目前没有详细的解决方案，请到厂商的主页下载： http://www.fortinet.com

Reference

http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf

Impacted products

Name
Fortinet FortiAuthenticator 3.0.0

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "72378"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1459"
    }
  },
  "description": "Fortinet FortiAuthenticator\u662f\u5bf9FortiToken\u2122\u53cc\u56e0\u5b50\u8ba4\u8bc1\u4ee4\u724c\u8fdb\u884c\u5b89\u5168\u7684\u8fdc\u7a0b\u8bbf\u95ee\u7684\u8bc6\u522b\u4e0e\u5bf9\u63a5\u7684\u7cfb\u5217\u5b89\u5168\u8ba4\u8bc1\u7684\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nFortinet FortiAuthenticator 3.0.0\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u64cd\u4f5c\u53c2\u6570\u5bf9 cert/scep /\u6ce8\u5165\u4efb\u610fweb\u811a\u672c\u6216HTML\u3002",
  "discovererName": "Denis Andzakovic",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.fortinet.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-01109",
  "openTime": "2015-02-12",
  "products": {
    "product": "Fortinet FortiAuthenticator 3.0.0"
  },
  "referenceLink": "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf",
  "serverity": "\u4e2d",
  "submitTime": "2015-02-05",
  "title": "Fortinet FortiAuthenticator\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

FKIE_CVE-2015-1459

Vulnerability from fkie_nvd - Published: 2015-02-03 16:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/.

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html	Exploit
cve@mitre.org	http://secunia.com/advisories/62836
cve@mitre.org	http://www.fortiguard.com/advisory/FG-IR-15-003/	Vendor Advisory
cve@mitre.org	http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/72378	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/100561
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62836
af854a3a-2127-422b-91ae-364da2661108	http://www.fortiguard.com/advisory/FG-IR-15-003/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/72378	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/100561

Impacted products

	Vendor	Product	Version
	fortinet	fortiauthenticator	3.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortiauthenticator:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69679596-58BA-4C9B-A56E-E3B0FA03E26C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en Fortinet FortiAuthenticator 3.0.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro operation en cert/scep/."
    }
  ],
  "id": "CVE-2015-1459",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-02-03T16:59:31.030",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/62836"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.fortiguard.com/advisory/FG-IR-15-003/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/72378"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100561"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.fortiguard.com/advisory/FG-IR-15-003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/72378"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100561"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201502-0402

Vulnerability from variot - Updated: 2023-12-18 12:57

Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/. Fortinet FortiAuthenticator Appliance is prone to the following multiple security vulnerabilities: 1. A cross-site scripting vulnerability 2. A command-execution vulnerability 3. Multiple information-disclosure vulnerabilities An attacker can exploit these issues to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials, execute arbitrary commands and gain access to potentially sensitive information. FortiAuthenticator v300 build 0007 is vulnerable; other versions may also be affected. Fortinet FortiAuthenticator is a series of security authentication software from Fortinet, which can be combined with FortiToken (two-factor authentication token) to provide secure two-factor authentication to third-party devices authenticated by RADIUS or LDAP. ( , ) (, . '.' ) ('. ', ). , ('. ( ) ( (,) .'), ) _ , / _/ / _ \ ____ _____ ____ \==/ /\ \ _/ \/ _ \ / \ / \/ | \ _( <> ) Y Y \ /__ /_| / _ >_/||| / \/ \/.-. \/ \/:wq (x.0) '=.|w|.=' _=''"''=.

            presents.. The FortiAuthenticator is a user

identity management appliance, supporting two factor authentication, RADIUS, LDAP, 802.1x Wireless Authentication, Certificate management and single sign on.

The FortiAuthenticator appliance was found to contain a subshell bypass vulnerability, allowing remote administrators to gain root level access via the command line. Local file and password disclosure vulnerabilities were discovered, as well as a Reflected Cross Site Scripting vulnerability within the SCEP system.

+--------------+ | Exploitation | +--------------+ --[ dbgcore_enable_shell_access Subshell Bypass

By logging into the Fortinet Authenticator and executing the ‘shell’ command, a malicious user can gain a root /bin/bash shell on the server. However, unless the /tmp/privexec/dbgcore_enable_shell_access file exists (the contents of this file are irrelevant), then the command returns ‘shell: No such command.' If the file is present, then the command succeeds and a root shell is given.

The ‘/tmp/privexec/dbgcore_enable_shell_access’ file can be created by using the ‘load-debug-kit’ command and specifying a network accessible tftp server with the relevant debug kit. The debug kits were found to be generated by an internal Fortinet tool called ‘mkprivexec’. The ‘load-debug-kit’ command expects encrypted binaries which are subsequently executed.

An attacker that can either generate a valid debug kit or create the appropriate file in /tmp/privexec can therefore get a root shell. This is likely a workaround for CVE-2013-6990, however an attacker can still obtain root level command line access with some additional steps.

--[ Local File Disclosure

A malicious user can pass the ‘-f’ flag to the ‘dig’ command and read files from the filesystem. An example would be executing 'dig -f /etc/passwd' and observing the dig commands output, retrieving the /etc/passwd files contents.

--[ Password Disclosure

A malicious user may use the debug logging functionality within the Fortinet FortiAuthenticator administrative console to obtain the passwords of the PostgreSQL database users. The disclosed passwords were found to be weak and are static across Fortinet FortiAuthenticator appliances. The following credentials were enumerated:

+-----------------+ |Username:Password| +-----------------+ | slony : slony | |www-data:www-data| +-----------------+

--[ Reflected Cross Site Scripting

By coercing a legitimate user (usually through a social engineering attack) to visit a specific FortiAuthenticator URL, an attacker may execute malicious JavaScript in the context of the user’s browser. This can subsequently be used to harm the user’s browser or hijack their session. This is due to the ‘operation’ parameter in the SCEP service being reflected to the end user without sufficient input validation and output scrubbing. The following URL can be used to replicate the Reflected Cross Site Scripting vulnerability:

https:///cert/scep/?operation=alert(1)

+----------+ | Solution | +----------+ No official solution is currently available for these vulnerabilities. Email correspondence with Fortinet suggests that the Local File Disclosure and Password Disclosure vulnerabilities have been resolved in version 3.2. No official documentation was found to confirm this.

+---------------------+ | Disclosure Timeline | +---------------------+ 08/10/2014 - Initial email sent to Fortinet PSIRT team. 09/10/2014 - Advisory documents sent to Fortinet. 15/10/2014 - Acknowledgement of advisories from Fortinet. 16/10/2014 - Fortinet advised the Local File and Password disclosure issues would be resolved in the 3.2 release. 31/10/2014 - Additional information sent to Fortinet RE Reflected XSS 03/11/2014 - Additional information sent to Fortinet RE Reflected XSS 02/12/2014 - Update requested from Fortinet. 13/12/2014 - Update requested from Fortinet. 29/01/2015 - Advisory Release.

+-------------------------------+ | About Security-Assessment.com | +-------------------------------+

Security-Assessment.com is Australasia's leading team of Information Security consultants specialising in providing high quality Information Security services to clients throughout the Asia Pacific region. Our clients include some of the largest globally recognised companies in areas such as finance, telecommunications, broadcasting, legal and government. Our aim is to provide the very best independent advice and a high level of technical expertise while creating long and lasting professional relationships with our clients.

Security-Assessment.com is committed to security research and development, and its team continues to identify and responsibly publish vulnerabilities in public and private software vendor's products. Members of the Security-Assessment.com R&D team are globally recognised through their release of whitepapers and presentations related to new security research.

For further information on this issue or any of our service offerings, contact us:

Web www.security-assessment.com Email info () security-assessment com Phone +64 4 470 1650

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201502-0402",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "3.0.0"
      },
      {
        "model": "fortiauthenticator",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "3.2.1"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001442"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-063"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiauthenticator:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1459"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Denis Andzakovic",
    "sources": [
      {
        "db": "BID",
        "id": "72378"
      },
      {
        "db": "PACKETSTORM",
        "id": "130156"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2015-1459",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-1459",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-79420",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-1459",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201502-063",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-79420",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79420"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001442"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-063"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/. Fortinet FortiAuthenticator Appliance is prone to the following multiple security vulnerabilities:\n1. A cross-site scripting vulnerability\n2. A command-execution vulnerability\n3. Multiple information-disclosure vulnerabilities\nAn attacker can exploit these issues to execute arbitrary script code in  the context of the vulnerable site, potentially allowing the attacker  to steal cookie-based authentication credentials, execute arbitrary commands and gain access to potentially sensitive information. \nFortiAuthenticator v300 build 0007 is vulnerable; other versions may also be affected. Fortinet FortiAuthenticator is a series of security authentication software from Fortinet, which can be combined with FortiToken (two-factor authentication token) to provide secure two-factor authentication to third-party devices authenticated by RADIUS or LDAP. (    , )     (,\n  .   \u0027.\u0027 ) (\u0027.    \u0027,\n   ). , (\u0027.   ( ) (\n  (_,) .\u0027), ) _ _,\n /  _____/  / _  \\    ____  ____   _____\n \\____  \\==/ /_\\  \\ _/ ___\\/  _ \\ /     \\\n /       \\/   |    \\\\  \\__(  \u003c_\u003e )  Y Y  \\\n/______  /\\___|__  / \\___  \u003e____/|__|_|  /\n        \\/         \\/.-.    \\/         \\/:wq\n                    (x.0)\n                  \u0027=.|w|.=\u0027\n                  _=\u0027\u0027\"\u0027\u0027=. \n\n                presents.. The FortiAuthenticator is a user\nidentity management appliance, supporting two factor authentication, RADIUS,\nLDAP, 802.1x Wireless Authentication, Certificate management and single sign\non. \n\nThe FortiAuthenticator appliance was found to contain a subshell bypass\nvulnerability, allowing remote administrators to gain root level access via\nthe command line. Local file and password disclosure vulnerabilities were\ndiscovered, as well as a Reflected Cross Site Scripting vulnerability within\nthe SCEP system. \n\n+--------------+\n| Exploitation |\n+--------------+\n--[ dbgcore_enable_shell_access Subshell Bypass\n\nBy logging into the Fortinet Authenticator and executing the \u2018shell\u2019 command,\na malicious user can gain a root /bin/bash shell on the server. However,\nunless the /tmp/privexec/dbgcore_enable_shell_access file exists (the contents\nof this file are irrelevant), then the command returns \u2018shell: No such\ncommand.\u0027  If the file is present, then the command succeeds and a root shell\nis given. \n \nThe \u2018/tmp/privexec/dbgcore_enable_shell_access\u2019 file can be created by using\nthe \u2018load-debug-kit\u2019 command and specifying a network accessible tftp server\nwith the relevant debug kit. The debug kits were found to be generated by an\ninternal Fortinet tool called \u2018mkprivexec\u2019. The \u2018load-debug-kit\u2019 command\nexpects encrypted binaries which are subsequently executed. \n\nAn attacker that can either generate a valid debug kit or create the\nappropriate file in /tmp/privexec can therefore get a root shell. This is\nlikely a workaround for CVE-2013-6990, however an attacker can still obtain\nroot level command line access with some additional steps. \n\n--[ Local File Disclosure\n\nA malicious user can pass the \u2018-f\u2019 flag to the \u2018dig\u2019 command and read files\nfrom the filesystem. An example would be executing \u0027dig -f /etc/passwd\u0027 and\nobserving the dig commands output, retrieving the /etc/passwd files contents. \n \n--[ Password Disclosure\n\nA malicious user may use the debug logging functionality within the Fortinet\nFortiAuthenticator administrative console to obtain the passwords of the\nPostgreSQL database users. The disclosed passwords were found to be weak and\nare static across Fortinet FortiAuthenticator appliances. The following\ncredentials were enumerated:\n\n+-----------------+\n|Username:Password|\n+-----------------+\n|  slony : slony  |\n|www-data:www-data|\n+-----------------+\n \n--[ Reflected Cross Site Scripting\n\nBy coercing a legitimate user (usually through a social engineering attack) to\nvisit a specific FortiAuthenticator URL, an attacker may execute malicious\nJavaScript in the context of the user\u2019s browser. This can subsequently be used\nto harm the user\u2019s browser or hijack their session. This is due to the\n\u2018operation\u2019 parameter in the SCEP service being reflected to the end user\nwithout sufficient input validation and output scrubbing. The following\nURL can be used to replicate the Reflected Cross Site Scripting vulnerability:\n\nhttps://\u003cFortiAuthenticatorIP\u003e/cert/scep/?operation=\u003cscript\u003ealert(1)\u003c/script\u003e\n\n+----------+\n| Solution |\n+----------+\nNo official solution is currently available for these vulnerabilities. Email\ncorrespondence with Fortinet suggests that the Local File Disclosure and\nPassword Disclosure vulnerabilities have been resolved in version 3.2. No\nofficial documentation was found to confirm this. \n\n+---------------------+\n| Disclosure Timeline |\n+---------------------+\n08/10/2014 -\tInitial email sent to Fortinet PSIRT team. \n09/10/2014 -\tAdvisory documents sent to Fortinet. \n15/10/2014 -\tAcknowledgement of advisories from Fortinet. \n16/10/2014 -\tFortinet advised the Local File and Password disclosure issues would be resolved in the 3.2 release. \n31/10/2014 -\tAdditional information sent to Fortinet RE Reflected XSS\n03/11/2014 -\tAdditional information sent to Fortinet RE Reflected XSS\n02/12/2014 -\tUpdate requested from Fortinet. \n13/12/2014 -\tUpdate requested from Fortinet. \n29/01/2015 -\tAdvisory Release. \n\n+-------------------------------+\n| About Security-Assessment.com |\n+-------------------------------+\n\nSecurity-Assessment.com is Australasia\u0027s leading team of Information Security\nconsultants specialising in providing high quality Information Security \nservices to clients throughout the Asia Pacific region. Our clients include\nsome of the largest globally recognised companies in areas such as finance,\ntelecommunications, broadcasting, legal and government. Our aim is to provide\nthe very best independent advice and a high level of technical expertise while\ncreating long and lasting professional relationships with our clients. \n\nSecurity-Assessment.com is committed to security research and development,\nand its team continues to identify and responsibly publish vulnerabilities\nin public and private software vendor\u0027s products. Members of the \nSecurity-Assessment.com R\u0026D team are globally recognised through their release\nof whitepapers and presentations related to new security research. \n\nFor further information on this issue or any of our service offerings, \ncontact us:\n\nWeb www.security-assessment.com\nEmail info () security-assessment com\nPhone +64 4 470 1650\n\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001442"
      },
      {
        "db": "BID",
        "id": "72378"
      },
      {
        "db": "VULHUB",
        "id": "VHN-79420"
      },
      {
        "db": "PACKETSTORM",
        "id": "130156"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1459",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "72378",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "130156",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "62836",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001442",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-063",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "100561",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-79420",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79420"
      },
      {
        "db": "BID",
        "id": "72378"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001442"
      },
      {
        "db": "PACKETSTORM",
        "id": "130156"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-063"
      }
    ]
  },
  "id": "VAR-201502-0402",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79420"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:57:48.450000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FortiAuthenticator multiple vulnerabilities",
        "trust": 0.8,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-003/"
      },
      {
        "title": "FortiAuthenticator\u8a8d\u8a3c\u30b5\u30fc\u30d0\u30fc",
        "trust": 0.8,
        "url": "http://www.fortinet.co.jp/products/fortiauthenticator/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001442"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79420"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001442"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1459"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.security-assessment.com/files/documents/advisory/fortinet_fortiauthenticator_multiple_vulnerabilities.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/72378"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/130156/fortinet-fortiauthenticator-xss-disclosure-bypass.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-003/"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/62836"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100561"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1459"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1459"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/100561"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      },
      {
        "trust": 0.1,
        "url": "https://\u003cfortiauthenticatorip\u003e/cert/scep/?operation=\u003cscript\u003ealert(1)\u003c/script\u003e"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79420"
      },
      {
        "db": "BID",
        "id": "72378"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001442"
      },
      {
        "db": "PACKETSTORM",
        "id": "130156"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-063"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-79420"
      },
      {
        "db": "BID",
        "id": "72378"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001442"
      },
      {
        "db": "PACKETSTORM",
        "id": "130156"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-063"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-02-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79420"
      },
      {
        "date": "2015-01-29T00:00:00",
        "db": "BID",
        "id": "72378"
      },
      {
        "date": "2015-02-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001442"
      },
      {
        "date": "2015-01-29T16:15:59",
        "db": "PACKETSTORM",
        "id": "130156"
      },
      {
        "date": "2015-02-03T16:59:31.030000",
        "db": "NVD",
        "id": "CVE-2015-1459"
      },
      {
        "date": "2015-02-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201502-063"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79420"
      },
      {
        "date": "2015-03-19T07:30:00",
        "db": "BID",
        "id": "72378"
      },
      {
        "date": "2015-03-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001442"
      },
      {
        "date": "2017-09-08T01:29:49.403000",
        "db": "NVD",
        "id": "CVE-2015-1459"
      },
      {
        "date": "2015-02-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201502-063"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-063"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiAuthenticator Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001442"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-063"
      }
    ],
    "trust": 0.6
  }
}

GSD-2015-1459

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/.

Aliases

CVE-2015-1459

Aliases

CVE-2015-1459

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-1459",
    "description": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/.",
    "id": "GSD-2015-1459"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-1459"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/.",
      "id": "GSD-2015-1459",
      "modified": "2023-12-13T01:20:04.861047Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-1459",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "fortinetfortiauthenticator-scep-xss(100561)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100561"
          },
          {
            "name": "62836",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62836"
          },
          {
            "name": "http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html"
          },
          {
            "name": "72378",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/72378"
          },
          {
            "name": "http://www.fortiguard.com/advisory/FG-IR-15-003/",
            "refsource": "CONFIRM",
            "url": "http://www.fortiguard.com/advisory/FG-IR-15-003/"
          },
          {
            "name": "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf",
            "refsource": "MISC",
            "url": "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiauthenticator:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-1459"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html"
            },
            {
              "name": "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf"
            },
            {
              "name": "72378",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/72378"
            },
            {
              "name": "62836",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62836"
            },
            {
              "name": "http://www.fortiguard.com/advisory/FG-IR-15-003/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.fortiguard.com/advisory/FG-IR-15-003/"
            },
            {
              "name": "fortinetfortiauthenticator-scep-xss(100561)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100561"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-08T01:29Z",
      "publishedDate": "2015-02-03T16:59Z"
    }
  }
}

GHSA-M2W5-GMFG-WJG3

Vulnerability from github – Published: 2022-05-17 01:10 – Updated: 2025-04-12 12:45

Details

Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-1459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-02-03T16:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/.",
  "id": "GHSA-m2w5-gmfg-wjg3",
  "modified": "2025-04-12T12:45:00Z",
  "published": "2022-05-17T01:10:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1459"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100561"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62836"
    },
    {
      "type": "WEB",
      "url": "http://www.fortiguard.com/advisory/FG-IR-15-003"
    },
    {
      "type": "WEB",
      "url": "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/72378"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-1459 (GCVE-0-2015-1459)

CNVD-2015-01109

FKIE_CVE-2015-1459

VAR-201502-0402

GSD-2015-1459

GHSA-M2W5-GMFG-WJG3

Tags

Sightings

Nomenclature