var-201607-0244
Vulnerability from variot
Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature. Fortinet FortiWeb is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker could exploit this vulnerability using directory-traversal characters ('../') to perform unauthorized actions. Versions prior to Fortinet FortiWeb 5.5.3 are vulnerable. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content. A directory traversal vulnerability exists in Fortinet FortiWeb versions 4.4.6 through 5.5.2
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0244", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortiweb", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.5.2" }, { "model": "fortiweb", "scope": "eq", "trust": 0.9, "vendor": "fortinet", "version": "5.5.2" }, { "model": "fortiweb", "scope": "lt", "trust": 0.8, "vendor": "fortinet", "version": "5.5.3" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.5.1" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.5" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.3.5" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.3.4" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.3.3" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.3.2" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.3.1" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.1" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.4" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.3" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.2" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.1" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.4.7" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.4.6" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.1.4" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.1.3" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.1.2" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.1.1" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.0" }, { "model": "fortiweb", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.5.3" } ], "sources": [ { "db": "BID", "id": "91771" }, { "db": "JVNDB", "id": "JVNDB-2016-003761" }, { "db": "NVD", "id": "CVE-2016-5092" }, { "db": "CNNVD", "id": "CNNVD-201606-584" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.5.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-5092" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ewoud Vlasselaer from Dimension Data Belgium", "sources": [ { "db": "BID", "id": "91771" }, { "db": "CNNVD", "id": "CNNVD-201606-584" } ], "trust": 0.9 }, "cve": "CVE-2016-5092", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-5092", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-93911", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.9, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2016-5092", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-5092", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201606-584", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-93911", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-93911" }, { "db": "JVNDB", "id": "JVNDB-2016-003761" }, { "db": "NVD", "id": "CVE-2016-5092" }, { "db": "CNNVD", "id": "CNNVD-201606-584" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature. Fortinet FortiWeb is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. \nAn attacker could exploit this vulnerability using directory-traversal characters (\u0027../\u0027) to perform unauthorized actions. \nVersions prior to Fortinet FortiWeb 5.5.3 are vulnerable. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content. A directory traversal vulnerability exists in Fortinet FortiWeb versions 4.4.6 through 5.5.2", "sources": [ { "db": "NVD", "id": "CVE-2016-5092" }, { "db": "JVNDB", "id": "JVNDB-2016-003761" }, { "db": "BID", "id": "91771" }, { "db": "VULHUB", "id": "VHN-93911" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-5092", "trust": 2.8 }, { "db": "JVNDB", "id": "JVNDB-2016-003761", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201606-584", "trust": 0.7 }, { "db": "BID", "id": "91771", "trust": 0.4 }, { "db": "VULHUB", "id": "VHN-93911", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-93911" }, { "db": "BID", "id": "91771" }, { "db": "JVNDB", "id": "JVNDB-2016-003761" }, { "db": "NVD", "id": "CVE-2016-5092" }, { "db": "CNNVD", "id": "CNNVD-201606-584" } ] }, "id": "VAR-201607-0244", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-93911" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:24:37.814000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Fortiweb path traversal vulnerability", "trust": 0.8, "url": "http://fortiguard.com/advisory/fortiweb-path-traversal-vulnerability" }, { "title": "Fortinet FortiWeb Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62500" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003761" }, { "db": "CNNVD", "id": "CNNVD-201606-584" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-93911" }, { "db": "JVNDB", "id": "JVNDB-2016-003761" }, { "db": "NVD", "id": "CVE-2016-5092" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://fortiguard.com/advisory/fortiweb-path-traversal-vulnerability" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5092" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5092" }, { "trust": 0.3, "url": "http://www.fortinet.com/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-93911" }, { "db": "BID", "id": "91771" }, { "db": "JVNDB", "id": "JVNDB-2016-003761" }, { "db": "NVD", "id": "CVE-2016-5092" }, { "db": "CNNVD", "id": "CNNVD-201606-584" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-93911" }, { "db": "BID", "id": "91771" }, { "db": "JVNDB", "id": "JVNDB-2016-003761" }, { "db": "NVD", "id": "CVE-2016-5092" }, { "db": "CNNVD", "id": "CNNVD-201606-584" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-07-13T00:00:00", "db": "VULHUB", "id": "VHN-93911" }, { "date": "2016-05-26T00:00:00", "db": "BID", "id": "91771" }, { "date": "2016-07-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003761" }, { "date": "2016-07-13T15:59:06.857000", "db": "NVD", "id": "CVE-2016-5092" }, { "date": "2016-05-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201606-584" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-07-14T00:00:00", "db": "VULHUB", "id": "VHN-93911" }, { "date": "2016-05-26T00:00:00", "db": "BID", "id": "91771" }, { "date": "2016-07-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003761" }, { "date": "2016-07-14T15:17:42.967000", "db": "NVD", "id": "CVE-2016-5092" }, { "date": "2016-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201606-584" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201606-584" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fortinet FortiWeb Vulnerable to directory traversal", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003761" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-201606-584" } ], "trust": 0.6 } }