var-201908-0051
Vulnerability from variot
Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods. Fortinet FortiManager Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Fortinet FortiManager and Fortinet FortiManager VM are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiManager VM is a centralized network security management platform for virtual machines. The platform can group devices into different management domains (ADOMs) for secure deployment and management. There is a security vulnerability in Fortinet FortiManager VM versions before 6.2.0 and 6.0.6. The vulnerability is caused by the lack of root file system integrity check in the program. An attacker could exploit this vulnerability to inject third-party programs
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0051", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortimanager", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.6" }, { "model": "fortimanager", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortimanager", "scope": "lt", "trust": 0.8, "vendor": "fortinet", "version": "6.2.1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-008216" }, { "db": "NVD", "id": "CVE-2019-6695" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:virtual_machine:*:*:*", "cpe_name": [], "versionEndIncluding": "6.0.6", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-6695" } ] }, "cve": "CVE-2019-6695", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2019-6695", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-158130", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-6695", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-6695", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-201908-1931", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-158130", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-158130" }, { "db": "JVNDB", "id": "JVNDB-2019-008216" }, { "db": "NVD", "id": "CVE-2019-6695" }, { "db": "CNNVD", "id": "CNNVD-201908-1931" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods. Fortinet FortiManager Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Fortinet FortiManager and Fortinet FortiManager VM are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiManager VM is a centralized network security management platform for virtual machines. The platform can group devices into different management domains (ADOMs) for secure deployment and management. There is a security vulnerability in Fortinet FortiManager VM versions before 6.2.0 and 6.0.6. The vulnerability is caused by the lack of root file system integrity check in the program. An attacker could exploit this vulnerability to inject third-party programs", "sources": [ { "db": "NVD", "id": "CVE-2019-6695" }, { "db": "JVNDB", "id": "JVNDB-2019-008216" }, { "db": "VULHUB", "id": "VHN-158130" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-6695", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2019-008216", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201908-1931", "trust": 0.7 }, { "db": "NSFOCUS", "id": "44162", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-158130", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-158130" }, { "db": "JVNDB", "id": "JVNDB-2019-008216" }, { "db": "NVD", "id": "CVE-2019-6695" }, { "db": "CNNVD", "id": "CNNVD-201908-1931" } ] }, "id": "VAR-201908-0051", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-158130" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:02:07.162000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-19-017", "trust": 0.8, "url": "https://fortiguard.com/psirt/fg-ir-19-017" }, { "title": "Fortinet FortiManager VM Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=96983" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-008216" }, { "db": "CNNVD", "id": "CNNVD-201908-1931" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-345", "trust": 1.1 }, { "problemtype": "CWE-20", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-158130" }, { "db": "JVNDB", "id": "JVNDB-2019-008216" }, { "db": "NVD", "id": "CVE-2019-6695" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://fortiguard.com/advisory/fg-ir-19-017" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6695" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6695" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/44162" } ], "sources": [ { "db": "VULHUB", "id": "VHN-158130" }, { "db": "JVNDB", "id": "JVNDB-2019-008216" }, { "db": "NVD", "id": "CVE-2019-6695" }, { "db": "CNNVD", "id": "CNNVD-201908-1931" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-158130" }, { "db": "JVNDB", "id": "JVNDB-2019-008216" }, { "db": "NVD", "id": "CVE-2019-6695" }, { "db": "CNNVD", "id": "CNNVD-201908-1931" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-23T00:00:00", "db": "VULHUB", "id": "VHN-158130" }, { "date": "2019-08-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-008216" }, { "date": "2019-08-23T21:15:12.193000", "db": "NVD", "id": "CVE-2019-6695" }, { "date": "2019-08-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-1931" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-03-01T00:00:00", "db": "VULHUB", "id": "VHN-158130" }, { "date": "2019-08-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-008216" }, { "date": "2023-03-01T18:38:45.647000", "db": "NVD", "id": "CVE-2019-6695" }, { "date": "2023-03-02T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-1931" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-1931" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fortinet FortiManager Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-008216" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "data forgery", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-1931" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.