ID

VAR-200606-0317


CVE

CVE-2006-3222


TITLE

Fortinet FortiGate FTP Scanning agent Access control bypass vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200606-490

DESCRIPTION

The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode. Fortinet FortiGate is prone to a vulnerability that allows an attacker to bypass antivirus protection. This issue occurs when files are transferred using the FTP protocol under certain conditions. Fortinet FortiOS versions prior to 2.80 MR12 and 3.0 MR2 are vulnerable to this issue if the FTP antivirus gateway-scanning service is used. Fortinet FortiGate is a network security platform developed by Fortinet. The platform provides functions such as firewall, antivirus and intrusion prevention (IPS), application control, antispam, wireless controller and WAN acceleration. ---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports. http://secunia.com/secunia_security_specialist/ ---------------------------------------------------------------------- TITLE: FortiGate FTP Anti-Virus Scanning Bypass Vulnerability SECUNIA ADVISORY ID: SA20720 VERIFY ADVISORY: http://secunia.com/advisories/20720/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From remote OPERATING SYSTEM: Fortinet FortiOS (FortiGate) 3.x http://secunia.com/product/6802/ Fortinet FortiOS (FortiGate) 2.x http://secunia.com/product/2289/ DESCRIPTION: A vulnerability has been reported in FortiGate, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error within the FortiGate FTP proxy when handling the ESPV command. SOLUTION: Update to FortiOS 2.80 MR12 release or FortiOS 3.0 MR2 release. Users can contact Fortinet Tech Support to obtain the updated firmware. PROVIDED AND/OR DISCOVERED BY: The vendor credits a recent magazine test review article. ORIGINAL ADVISORY: http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2006-3222 // BID: 18570 // VULHUB: VHN-19330 // PACKETSTORM: 47570

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiosscope:eqversion:3.0

Trust: 1.9

vendor:fortinetmodel:fortiosscope:eqversion:2.80

Trust: 1.9

vendor:fortinetmodel:fortiosscope:eqversion:2.50

Trust: 1.9

vendor:fortinetmodel:fortiosscope:eqversion:2.36

Trust: 1.9

vendor:fortinetmodel:fortiosscope:eqversion:2.8_mr10

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:3.0_beta

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:2.5_0mr4

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:3.0_mr1

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:2.50_mr5

Trust: 1.6

vendor:fortinetmodel:fortios betascope:eqversion:3.0

Trust: 0.3

vendor:fortinetmodel:fortios mr5scope:eqversion:2.50

Trust: 0.3

vendor:fortinetmodel:fortios mr10scope:eqversion:2.8

Trust: 0.3

vendor:fortinetmodel:fortios 0mr4scope:eqversion:2.5

Trust: 0.3

vendor:fortinetmodel:fortios mr1scope:eqversion:3.0

Trust: 0.3

vendor:fortinetmodel:fortios mr2scope:neversion:3.0

Trust: 0.3

vendor:fortinetmodel:fortios mr12scope:neversion:2.80

Trust: 0.3

sources: BID: 18570 // CNNVD: CNNVD-200606-490 // NVD: CVE-2006-3222

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-3222
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200606-490
value: MEDIUM

Trust: 0.6

VULHUB: VHN-19330
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-3222
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-19330
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-19330 // CNNVD: CNNVD-200606-490 // NVD: CVE-2006-3222

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3222

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200606-490

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200606-490

EXTERNAL IDS

db:BIDid:18570

Trust: 2.0

db:SECUNIAid:20720

Trust: 1.8

db:VUPENid:ADV-2006-2467

Trust: 1.7

db:NVDid:CVE-2006-3222

Trust: 1.7

db:OSVDBid:26736

Trust: 1.7

db:CNNVDid:CNNVD-200606-490

Trust: 0.7

db:VIMid:20060707 FORTIGATE ISSUE - "EPSV" NOT "ESPV"

Trust: 0.6

db:XFid:27532

Trust: 0.6

db:VULHUBid:VHN-19330

Trust: 0.1

db:PACKETSTORMid:47570

Trust: 0.1

sources: VULHUB: VHN-19330 // BID: 18570 // PACKETSTORM: 47570 // CNNVD: CNNVD-200606-490 // NVD: CVE-2006-3222

REFERENCES

url:http://www.fortinet.com/fortiguardcenter/advisory/fg-2006-15.html

Trust: 2.1

url:http://www.securityfocus.com/bid/18570

Trust: 1.7

url:http://www.osvdb.org/26736

Trust: 1.7

url:http://secunia.com/advisories/20720

Trust: 1.7

url:http://attrition.org/pipermail/vim/2006-july/000921.html

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/2467

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27532

Trust: 1.1

url:http://www.frsirt.com/english/advisories/2006/2467

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/27532

Trust: 0.6

url:http://www.fortinet.com/

Trust: 0.3

url:http://secunia.com/product/6802/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/20720/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/secunia_security_specialist/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/2289/

Trust: 0.1

sources: VULHUB: VHN-19330 // BID: 18570 // PACKETSTORM: 47570 // CNNVD: CNNVD-200606-490 // NVD: CVE-2006-3222

CREDITS

FortiGuard Center

Trust: 0.6

sources: CNNVD: CNNVD-200606-490

SOURCES

db:VULHUBid:VHN-19330
db:BIDid:18570
db:PACKETSTORMid:47570
db:CNNVDid:CNNVD-200606-490
db:NVDid:CVE-2006-3222

LAST UPDATE DATE

2024-08-14T14:35:32.658000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-19330date:2017-07-20T00:00:00
db:BIDid:18570date:2006-06-21T22:35:00
db:CNNVDid:CNNVD-200606-490date:2006-06-27T00:00:00
db:NVDid:CVE-2006-3222date:2017-07-20T01:32:08.727

SOURCES RELEASE DATE

db:VULHUBid:VHN-19330date:2006-06-24T00:00:00
db:BIDid:18570date:2006-06-21T00:00:00
db:PACKETSTORMid:47570date:2006-06-25T20:51:40
db:CNNVDid:CNNVD-200606-490date:2006-06-24T00:00:00
db:NVDid:CVE-2006-3222date:2006-06-24T10:06:00