cve-2017-3126
Vulnerability from cvelistv5
Published
2017-05-26 22:00
Modified
2024-08-05 14:16
Severity
Summary
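An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows an attacker to execute unauthorized code or commands via the next parameter. Note: the record below classifies the weakness as an open redirect (CWE-601), and the embedded NVD assessment rates it CVSS 3.0 6.1 Medium (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). That vector means user interaction is required and the rated impact is limited to low confidentiality and integrity loss, so the "execute unauthorized code or commands" wording should be read in that context when prioritising.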
References
Source | URL | Tags |
---|---|---|
psirt@fortinet.com | http://www.securityfocus.com/bid/98557 | Third Party Advisory, VDB Entry |
psirt@fortinet.com | http://www.securitytracker.com/id/1038539 | |
psirt@fortinet.com | http://www.securitytracker.com/id/1038540 | |
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-17-014 | Vendor Advisory |
Impacted products
Vendor | Product |
---|---|
Fortinet, Inc. | Fortinet FortiAnalyzer, FortiManager |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:16:28.200Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1038540", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038540" }, { "name": "98557", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98557" }, { "name": "1038539", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038539" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-17-014" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Fortinet FortiAnalyzer, FortiManager", "vendor": "Fortinet, Inc.", "versions": [ { "status": "affected", "version": "FortiAnalyzer 5.4.2, 5.4.1, 5.4.0" }, { "status": "affected", "version": "FortiManager 5.4.2, 5.4.1, 5.4.0" } ] } ], "datePublic": "2017-04-26T00:00:00", "descriptions": [ { "lang": "en", "value": "An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Open redirect", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "1038540", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038540" }, { "name": "98557", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98557" }, { "name": "1038539", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038539" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://fortiguard.com/psirt/FG-IR-17-014" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2017-3126", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiAnalyzer, FortiManager", "version": { "version_data": [ { "version_value": "FortiAnalyzer 5.4.2, 5.4.1, 5.4.0" }, { "version_value": "FortiManager 5.4.2, 5.4.1, 5.4.0" } ] } } ] }, "vendor_name": "Fortinet, Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Open redirect" } ] } ] }, "references": { "reference_data": [ { "name": "1038540", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038540" }, { "name": "98557", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98557" }, { "name": "1038539", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038539" }, { "name": "https://fortiguard.com/psirt/FG-IR-17-014", "refsource": "CONFIRM", "url": "https://fortiguard.com/psirt/FG-IR-17-014" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2017-3126", "datePublished": "2017-05-26T22:00:00", "dateReserved": "2016-12-02T00:00:00", "dateUpdated": "2024-08-05T14:16:28.200Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2017-3126\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2017-05-27T00:29:00.973\",\"lastModified\":\"2017-07-08T01:29:11.803\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Redireccionamiento Abierto en FortiAnalyzer versiones desde 5.4.0 hasta 5.4.2 y FortiManager versiones desde 5.4.0 hasta 5.4.2 de Fortinet, permite a un atacante ejecutar c\u00f3digo o comandos no autorizados por medio del par\u00e1metro 
next.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortianalyzer_firmware:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC123643-C9EE-40BF-B6F5-CE942F0A474E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortianalyzer_firmware:5.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDBCBC4B-ECCB-467D-8CB1-D017C5DCB3D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortianalyzer_firmware:5.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9CD11DF-36F4-4761-92AC-5F01F965B02A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortimanager_firmware:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C2
35585-4228-43B3-B2BB-06563B67F9E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortimanager_firmware:5.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B760F3B0-C81A-4B53-8D1E-384834D4A594\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortimanager_firmware:5.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43BF2F41-32BB-4C64-A9A2-62FB61B7D318\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/98557\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038539\",\"source\":\"psirt@fortinet.com\"},{\"url\":\"http://www.securitytracker.com/id/1038540\",\"source\":\"psirt@fortinet.com\"},{\"url\":\"https://fortiguard.com/psirt/FG-IR-17-014\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }