var-201712-1116
Vulnerability from variot
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command. Fortinet FortiOS Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiOS is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The following versions are vulnerable: FortiOS 5.6.0 through 5.6.2 FortiOS 5.4.0 through 5.4.5 FortiOS 5.2 and prior. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. An information disclosure vulnerability exists in Fortinet FortiOS versions 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, and 5.2 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-1116",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortios",
"scope": "lte",
"trust": 1.8,
"vendor": "fortinet",
"version": "5.2"
},
{
"model": "fortios",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.4.0"
},
{
"model": "fortios",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.4.5"
},
{
"model": "fortios",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.6.0"
},
{
"model": "fortios",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.6.2"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.8,
"vendor": "fortinet",
"version": "5.4.0 to 5.4.5"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.8,
"vendor": "fortinet",
"version": "5.6.0 to 5.6.2"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "5.2"
},
{
"model": "fortios",
"scope": "ne",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.6"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.6.1"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.1"
},
{
"model": "fortios",
"scope": "ne",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.6.3"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.2.0"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.2"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.3"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.6"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.2.1"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.0"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.4"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.6.2"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.5"
}
],
"sources": [
{
"db": "BID",
"id": "102151"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011265"
},
{
"db": "NVD",
"id": "CVE-2017-7738"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-427"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.6.2",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.4.5",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7738"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jean-Noel Meurisse, Solvay S.A.",
"sources": [
{
"db": "BID",
"id": "102151"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-427"
}
],
"trust": 0.9
},
"cve": "CVE-2017-7738",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-7738",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-115941",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-7738",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-7738",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-427",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-115941",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115941"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011265"
},
{
"db": "NVD",
"id": "CVE-2017-7738"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-427"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command. Fortinet FortiOS Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiOS is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. \nThe following versions are vulnerable:\nFortiOS 5.6.0 through 5.6.2\nFortiOS 5.4.0 through 5.4.5\nFortiOS 5.2 and prior. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. An information disclosure vulnerability exists in Fortinet FortiOS versions 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, and 5.2 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7738"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011265"
},
{
"db": "BID",
"id": "102151"
},
{
"db": "VULHUB",
"id": "VHN-115941"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7738",
"trust": 2.8
},
{
"db": "BID",
"id": "102151",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011265",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-427",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-115941",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115941"
},
{
"db": "BID",
"id": "102151"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011265"
},
{
"db": "NVD",
"id": "CVE-2017-7738"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-427"
}
]
},
"id": "VAR-201712-1116",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-115941"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:05:36.559000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-17-172",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/fg-ir-17-172"
},
{
"title": "Fortinet FortiOS Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77131"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011265"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-427"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115941"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011265"
},
{
"db": "NVD",
"id": "CVE-2017-7738"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/102151"
},
{
"trust": 1.7,
"url": "https://fortiguard.com/advisory/fg-ir-17-172"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7738"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7738"
},
{
"trust": 0.3,
"url": "http://www.fortinet.com/"
},
{
"trust": 0.3,
"url": "https://fortiguard.com/psirt/fg-ir-17-172"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115941"
},
{
"db": "BID",
"id": "102151"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011265"
},
{
"db": "NVD",
"id": "CVE-2017-7738"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-427"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-115941"
},
{
"db": "BID",
"id": "102151"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011265"
},
{
"db": "NVD",
"id": "CVE-2017-7738"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-427"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-115941"
},
{
"date": "2017-12-12T00:00:00",
"db": "BID",
"id": "102151"
},
{
"date": "2018-01-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011265"
},
{
"date": "2017-12-13T22:29:00.283000",
"db": "NVD",
"id": "CVE-2017-7738"
},
{
"date": "2017-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-427"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-26T00:00:00",
"db": "VULHUB",
"id": "VHN-115941"
},
{
"date": "2017-12-19T22:38:00",
"db": "BID",
"id": "102151"
},
{
"date": "2018-01-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011265"
},
{
"date": "2017-12-26T16:02:01.290000",
"db": "NVD",
"id": "CVE-2017-7738"
},
{
"date": "2017-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-427"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-427"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiOS Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011265"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-427"
}
],
"trust": 0.6
}
}
Loading...