VAR-201404-0126
Vulnerability from variot - Updated: 2023-12-18 12:30FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface. Fortinet FortiAuthenticator is prone to an unspecified local privilege-escalation. Local attackers can exploit this issue to gain access to the system shell and run arbitrary shell commands with elevated privileges. Fortinet FortiAuthenticator 1.x and 2.x are vulnerable. FortiGuard FortiAuthenticator is a series of security authentication software from Fortinet. It can be combined with FortiToken (two-factor authentication token) to provide secure two-factor authentication to third-party devices authenticated by RADIUS or LDAP. A security vulnerability exists in FortiGuard FortiAuthenticator 2.2 and earlier versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0126",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortiauthenticator",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "2.2"
},
{
"model": "fortiauthenticator",
"scope": "lt",
"trust": 0.8,
"vendor": "fortinet",
"version": "3.0"
},
{
"model": "fortiauthenticator",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "2.2"
},
{
"model": "fortiauthenticator",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "2.0"
},
{
"model": "fortiauthenticator",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "1.0"
},
{
"model": "fortiauthenticator",
"scope": "ne",
"trust": 0.3,
"vendor": "fortinet",
"version": "3.0"
}
],
"sources": [
{
"db": "BID",
"id": "64610"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006382"
},
{
"db": "NVD",
"id": "CVE-2013-6990"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-057"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6990"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yvan Janssens",
"sources": [
{
"db": "BID",
"id": "64610"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-057"
}
],
"trust": 0.9
},
"cve": "CVE-2013-6990",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-6990",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-66992",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-6990",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-057",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-66992",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66992"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006382"
},
{
"db": "NVD",
"id": "CVE-2013-6990"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-057"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface. Fortinet FortiAuthenticator is prone to an unspecified local privilege-escalation. \nLocal attackers can exploit this issue to gain access to the system shell and run arbitrary shell commands with elevated privileges. \nFortinet FortiAuthenticator 1.x and 2.x are vulnerable. FortiGuard FortiAuthenticator is a series of security authentication software from Fortinet. It can be combined with FortiToken (two-factor authentication token) to provide secure two-factor authentication to third-party devices authenticated by RADIUS or LDAP. A security vulnerability exists in FortiGuard FortiAuthenticator 2.2 and earlier versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6990"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006382"
},
{
"db": "BID",
"id": "64610"
},
{
"db": "VULHUB",
"id": "VHN-66992"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6990",
"trust": 2.8
},
{
"db": "BID",
"id": "64610",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006382",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-057",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-66992",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66992"
},
{
"db": "BID",
"id": "64610"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006382"
},
{
"db": "NVD",
"id": "CVE-2013-6990"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-057"
}
]
},
"id": "VAR-201404-0126",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-66992"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:30:46.198000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FortiAuthenticator Privilege Escalation Vulnerability",
"trust": 0.8,
"url": "http://www.fortiguard.com/advisory/fg-ir-13-016/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006382"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66992"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006382"
},
{
"db": "NVD",
"id": "CVE-2013-6990"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.fortiguard.com/advisory/fg-ir-13-016/"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96200"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6990"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6990"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/64610"
},
{
"trust": 0.3,
"url": "http://www.fortinet.com/products/fortiauthenticator/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66992"
},
{
"db": "BID",
"id": "64610"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006382"
},
{
"db": "NVD",
"id": "CVE-2013-6990"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-057"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-66992"
},
{
"db": "BID",
"id": "64610"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006382"
},
{
"db": "NVD",
"id": "CVE-2013-6990"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-057"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-30T00:00:00",
"db": "VULHUB",
"id": "VHN-66992"
},
{
"date": "2013-12-15T00:00:00",
"db": "BID",
"id": "64610"
},
{
"date": "2014-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006382"
},
{
"date": "2014-04-30T14:22:05.860000",
"db": "NVD",
"id": "CVE-2013-6990"
},
{
"date": "2013-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-057"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-66992"
},
{
"date": "2013-12-15T00:00:00",
"db": "BID",
"id": "64610"
},
{
"date": "2014-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006382"
},
{
"date": "2017-08-29T01:34:02.403000",
"db": "NVD",
"id": "CVE-2013-6990"
},
{
"date": "2014-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-057"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-057"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiGuard FortiAuthenticator Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006382"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-057"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…