var-201911-1310
Vulnerability from variot
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request. FortiOS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201911-1310", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortios", "scope": "lte", "trust": 1.8, "vendor": "fortinet", "version": "6.0.6" }, { "model": "fortios", "scope": "lte", "trust": 1.8, "vendor": "fortinet", "version": "6.2.1" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013080" }, { "db": "NVD", "id": "CVE-2019-15705" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.2.1", "versionStartIncluding": "6.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-15705" } ] }, "cve": "CVE-2019-15705", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-15705", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-147778", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-15705", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-15705", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201911-1197", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-147778", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-147778" }, { "db": "JVNDB", "id": "JVNDB-2019-013080" }, { "db": "NVD", "id": "CVE-2019-15705" }, { "db": "CNNVD", "id": "CNNVD-201911-1197" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request. FortiOS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam", "sources": [ { "db": "NVD", "id": "CVE-2019-15705" }, { "db": "JVNDB", "id": "JVNDB-2019-013080" }, { "db": "VULHUB", "id": "VHN-147778" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-15705", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2019-013080", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201911-1197", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.4388", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2020-62947", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-147778", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-147778" }, { "db": "JVNDB", "id": "JVNDB-2019-013080" }, { "db": "NVD", "id": "CVE-2019-15705" }, { "db": "CNNVD", "id": "CNNVD-201911-1197" } ] }, "id": "VAR-201911-1310", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-147778" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:38:04.622000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-19-236", "trust": 0.8, "url": "https://fortiguard.com/advisory/fg-ir-19-236" }, { "title": "Fortinet FortiOS Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=105210" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013080" }, { "db": "CNNVD", "id": "CNNVD-201911-1197" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-147778" }, { "db": "JVNDB", "id": "JVNDB-2019-013080" }, { "db": "NVD", "id": "CVE-2019-15705" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://fortiguard.com/advisory/fg-ir-19-236" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15705" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15705" }, { "trust": 0.6, "url": "https://fortiguard.com/psirt/fg-ir-19-236" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortios-denial-of-service-via-ssl-vpn-portal-post-request-31019" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4388/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-147778" }, { "db": "JVNDB", "id": "JVNDB-2019-013080" }, { "db": "NVD", "id": "CVE-2019-15705" }, { "db": "CNNVD", "id": "CNNVD-201911-1197" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-147778" }, { "db": "JVNDB", "id": "JVNDB-2019-013080" }, { "db": "NVD", "id": "CVE-2019-15705" }, { "db": "CNNVD", "id": "CNNVD-201911-1197" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-11-27T00:00:00", "db": "VULHUB", "id": "VHN-147778" }, { "date": "2019-12-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-013080" }, { "date": "2019-11-27T21:15:12.747000", "db": "NVD", "id": "CVE-2019-15705" }, { "date": "2019-11-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201911-1197" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-12-16T00:00:00", "db": "VULHUB", "id": "VHN-147778" }, { "date": "2019-12-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-013080" }, { "date": "2019-12-16T15:00:10.517000", "db": "NVD", "id": "CVE-2019-15705" }, { "date": "2020-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201911-1197" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201911-1197" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FortiOS Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013080" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201911-1197" } ], "trust": 0.6 } }
Loading...