Vulnerabilites related to fortinet - fortiadc_firmware
Vulnerability from fkie_nvd
Published
2015-05-12 19:59
Modified
2024-11-21 02:19
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortiadc_firmware | * | |
| fortinet | fortiadc-1500d | - | |
| fortinet | fortiadc-2000d | - | |
| fortinet | fortiadc-200d | - | |
| fortinet | fortiadc-4000d | - | |
| fortinet | fortiadc-700d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortiadc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0BBA50-9892-4F43-ABA8-D707DF4CBFE1",
"versionEndIncluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fortinet:fortiadc-1500d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "274CBD0B-E479-46FA-B49E-98C40D4F7FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:fortinet:fortiadc-2000d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C1A4E26-7A8C-4263-A68A-BFEBCF9B7AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:fortinet:fortiadc-200d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6ED99A22-40FD-4B45-8BD9-1E10D4311009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:fortinet:fortiadc-4000d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "564E4319-6E2C-473C-B591-3AE69E8FABCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:fortinet:fortiadc-700d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F65379F-30CF-48A2-9C82-1C2DB52244E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la p\u00e1gina de acceso del tema en modelos Fortinet FortiADC D en versiones anteriores a 4.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-8618",
"lastModified": "2024-11-21T02:19:27.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-05-12T19:59:01.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1032265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032265"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-01 23:55
Modified
2024-11-21 02:19
Severity ?
Summary
FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | coyote_point_equalizer_firmware | 10.2.0a | |
| fortinet | coyote_point_equalizer | - | |
| fortinet | fortiadc_firmware | 3.1.1 | |
| fortinet | fortiadc_firmware | 3.2.0 | |
| fortinet | fortiadc_firmware | 3.2.1 | |
| fortinet | fortiadc_firmware | 4.0.4 | |
| fortinet | fortiadc-1000e | - | |
| fortinet | fortiadc-300e | - | |
| fortinet | fortiadc-400e | - | |
| fortinet | fortiadc-600e | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:coyote_point_equalizer_firmware:10.2.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "DC84FDDC-1990-4730-80A9-D8612C69C4DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fortinet:coyote_point_equalizer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACAC0FC5-6E64-4092-B2FB-DE2AEF7D680B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortiadc_firmware:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA8F97BF-61EA-4896-B490-349BEBAA050C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortiadc_firmware:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25B66E1A-93E2-4251-8953-3C82704D9DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortiadc_firmware:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "985AD97D-669B-433C-975E-877B147503EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortiadc_firmware:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99162FEE-AFDF-44A5-9D66-D1BD65CDA8D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fortinet:fortiadc-1000e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C04FD0-F54D-461C-AB13-80557B838FB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:fortinet:fortiadc-300e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E75BFB-3DE5-4DB5-9C90-3AB9D22EBC08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:fortinet:fortiadc-400e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A8EE3A-31E1-44B5-AA2C-D6F2989C4B50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:fortinet:fortiadc-600e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94593E5C-BCBC-4368-89E2-0372A17D9296",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors."
},
{
"lang": "es",
"value": "FortiNet FortiADC-E con firmware 3.1.1 anterior a 4.0.5 y Coyote Point Equalizer con firmware 10.2.0a permite a atacantes remotos obtener el acceso a subredes arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-8582",
"lastModified": "2024-11-21T02:19:22.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-01T23:55:09.823",
"references": [
{
"source": "cve@mitre.org",
"url": "http://docs.fortinet.com/uploaded/files/2164/FortiADC-E-4.0.5-GA-Release-Notes.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/61866"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-14-032/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.fortinet.com/uploaded/files/2164/FortiADC-E-4.0.5-GA-Release-Notes.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-14-032/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98384"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-10 20:29
Modified
2024-11-21 02:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortiadc_firmware | * | |
| fortinet | fortiadc-1000e | - | |
| fortinet | fortiadc-1500d | - | |
| fortinet | fortiadc-2000d | - | |
| fortinet | fortiadc-200d | - | |
| fortinet | fortiadc-300e | - | |
| fortinet | fortiadc-4000d | - | |
| fortinet | fortiadc-400e | - | |
| fortinet | fortiadc-600e | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortiadc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B37EB14C-8AE2-4455-BF4F-9083BF5C263E",
"versionEndIncluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fortinet:fortiadc-1000e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C04FD0-F54D-461C-AB13-80557B838FB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:fortinet:fortiadc-1500d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "274CBD0B-E479-46FA-B49E-98C40D4F7FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:fortinet:fortiadc-2000d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C1A4E26-7A8C-4263-A68A-BFEBCF9B7AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:fortinet:fortiadc-200d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6ED99A22-40FD-4B45-8BD9-1E10D4311009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:fortinet:fortiadc-300e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E75BFB-3DE5-4DB5-9C90-3AB9D22EBC08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:fortinet:fortiadc-4000d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "564E4319-6E2C-473C-B591-3AE69E8FABCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:fortinet:fortiadc-400e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A8EE3A-31E1-44B5-AA2C-D6F2989C4B50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:fortinet:fortiadc-600e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94593E5C-BCBC-4368-89E2-0372A17D9296",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la interfaz de administraci\u00f3n de web en FortiADC con firmware anterior a 3.2.1 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del par\u00e1metro locale hacia gui_partA/."
}
],
"id": "CVE-2014-0331",
"lastModified": "2024-11-21T02:01:53.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-10T20:29:20.440",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/53"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-14-004"
},
{
"source": "cret@cert.org",
"url": "http://www.kb.cert.org/vuls/id/667340"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/66642"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id/1030018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/53"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-14-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.kb.cert.org/vuls/id/667340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030018"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-07 19:15
Modified
2024-11-21 05:40
Severity ?
Summary
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-20-013 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-20-013 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortiadc_firmware | * | |
| fortinet | fortiadc | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortiadc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D413B68-9227-4FB6-9C96-2BE1FB71BBDF",
"versionEndIncluding": "5.3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fortinet:fortiadc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00B7C904-528A-48D2-B0F8-9AC9FCEA25FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system."
},
{
"lang": "es",
"value": "Una vulnerabilidad de autorizaci\u00f3n inapropiada en FortiADC puede permitir a un usuario autenticado remoto con bajos privilegios llevar a cabo determinadas acciones, como reiniciar el sistema."
}
],
"id": "CVE-2020-9286",
"lastModified": "2024-11-21T05:40:21.573",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-07T19:15:13.173",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-20-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-20-013"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-07 19:15
Modified
2024-11-21 05:36
Severity ?
Summary
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-20-012 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-20-012 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortiadc_firmware | * | |
| fortinet | fortiadc_firmware | 5.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortiadc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D413B68-9227-4FB6-9C96-2BE1FB71BBDF",
"versionEndIncluding": "5.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortiadc_firmware:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C027B9-B507-41E5-865D-52F460C7C219",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de neutralizaci\u00f3n de entrada inapropiada en el panel de FortiADC puede permitir a un atacante autenticado llevar a cabo un ataque de tipo cross site scripting (XSS) por medio del par\u00e1metro name."
}
],
"id": "CVE-2020-6647",
"lastModified": "2024-11-21T05:36:05.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-07T19:15:13.127",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-20-012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-20-012"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2020-9286
Vulnerability from cvelistv5
Published
2020-04-07 18:52
Modified
2024-10-25 14:02
Severity ?
EPSS score ?
Summary
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fortiguard.com/psirt/FG-IR-20-013 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:15.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-20-013"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-9286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T13:59:19.316176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:02:00.972Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FortiADC",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FortiADC 5.3.3 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-07T18:52:09",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fortiguard.com/psirt/FG-IR-20-013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2020-9286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FortiADC",
"version": {
"version_data": [
{
"version_value": "FortiADC 5.3.3 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-20-013",
"refsource": "MISC",
"url": "https://fortiguard.com/psirt/FG-IR-20-013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2020-9286",
"datePublished": "2020-04-07T18:52:09",
"dateReserved": "2020-02-19T00:00:00",
"dateUpdated": "2024-10-25T14:02:00.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-8582
Vulnerability from cvelistv5
Published
2014-11-01 23:00
Modified
2024-08-06 13:26
Severity ?
EPSS score ?
Summary
FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://docs.fortinet.com/uploaded/files/2164/FortiADC-E-4.0.5-GA-Release-Notes.pdf | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/98384 | vdb-entry, x_refsource_XF | |
| http://www.fortiguard.com/advisory/FG-IR-14-032/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/61866 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:26:00.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.fortinet.com/uploaded/files/2164/FortiADC-E-4.0.5-GA-Release-Notes.pdf"
},
{
"name": "fortiadc-unauth-access(98384)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98384"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-14-032/"
},
{
"name": "61866",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61866"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.fortinet.com/uploaded/files/2164/FortiADC-E-4.0.5-GA-Release-Notes.pdf"
},
{
"name": "fortiadc-unauth-access(98384)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98384"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-14-032/"
},
{
"name": "61866",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61866"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://docs.fortinet.com/uploaded/files/2164/FortiADC-E-4.0.5-GA-Release-Notes.pdf",
"refsource": "CONFIRM",
"url": "http://docs.fortinet.com/uploaded/files/2164/FortiADC-E-4.0.5-GA-Release-Notes.pdf"
},
{
"name": "fortiadc-unauth-access(98384)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98384"
},
{
"name": "http://www.fortiguard.com/advisory/FG-IR-14-032/",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/FG-IR-14-032/"
},
{
"name": "61866",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61866"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8582",
"datePublished": "2014-11-01T23:00:00",
"dateReserved": "2014-11-01T00:00:00",
"dateUpdated": "2024-08-06T13:26:00.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0331
Vulnerability from cvelistv5
Published
2014-04-10 14:00
Modified
2024-08-06 09:13
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/667340 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securitytracker.com/id/1030018 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/66642 | vdb-entry, x_refsource_BID | |
| http://seclists.org/fulldisclosure/2014/Apr/53 | mailing-list, x_refsource_FULLDISC | |
| http://www.fortiguard.com/advisory/FG-IR-14-004 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:13:09.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#667340",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/667340"
},
{
"name": "1030018",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030018"
},
{
"name": "66642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66642"
},
{
"name": "20140403 XSS Reflected vulnerabilities in OS of FortiADC v3.2 (CVE-2014-0331)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/53"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-14-004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-15T17:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#667340",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/667340"
},
{
"name": "1030018",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030018"
},
{
"name": "66642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66642"
},
{
"name": "20140403 XSS Reflected vulnerabilities in OS of FortiADC v3.2 (CVE-2014-0331)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/53"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-14-004"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-0331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#667340",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/667340"
},
{
"name": "1030018",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030018"
},
{
"name": "66642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66642"
},
{
"name": "20140403 XSS Reflected vulnerabilities in OS of FortiADC v3.2 (CVE-2014-0331)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/53"
},
{
"name": "http://www.fortiguard.com/advisory/FG-IR-14-004",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/FG-IR-14-004"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-0331",
"datePublished": "2014-04-10T14:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T09:13:09.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-6647
Vulnerability from cvelistv5
Published
2020-04-07 18:41
Modified
2024-10-25 14:02
Severity ?
EPSS score ?
Summary
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fortiguard.com/psirt/FG-IR-20-012 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Fortinet FortiADC |
Version: FortiADC 5.4.0 and 5.3.x before 5.3.5. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:04.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-20-012"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-6647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T13:59:20.957534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:02:12.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiADC",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FortiADC 5.4.0 and 5.3.x before 5.3.5."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-07T18:41:40",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fortiguard.com/psirt/FG-IR-20-012"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2020-6647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiADC",
"version": {
"version_data": [
{
"version_value": "FortiADC 5.4.0 and 5.3.x before 5.3.5."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-20-012",
"refsource": "MISC",
"url": "https://fortiguard.com/psirt/FG-IR-20-012"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2020-6647",
"datePublished": "2020-04-07T18:41:40",
"dateReserved": "2020-01-09T00:00:00",
"dateUpdated": "2024-10-25T14:02:12.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-8618
Vulnerability from cvelistv5
Published
2015-05-12 19:00
Modified
2024-08-06 13:26
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.fortiguard.com/advisory/FG-IR-15-005/ | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1032265 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:26:02.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
},
{
"name": "1032265",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
},
{
"name": "1032265",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fortiguard.com/advisory/FG-IR-15-005/",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
},
{
"name": "1032265",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8618",
"datePublished": "2015-05-12T19:00:00",
"dateReserved": "2014-11-04T00:00:00",
"dateUpdated": "2024-08-06T13:26:02.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}