ID

VAR-201405-0423


CVE

CVE-2014-3115


TITLE

Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability

Trust: 0.8

sources: CERT/CC: VU#902790

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors.

Fortinet FortiWeb prior to version 5.2.0 does not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery (CSRF) vulnerability (CWE-352).

Fortinet FortiWeb is prone to multiple cross-site request-forgery vulnerabilities because it does not properly validate HTTP requests. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions, which may lead to further attacks. Fortinet FortiWeb 5.1.x and prior versions are vulnerable.

Fortinet FortiWeb is a web application layer firewall developed by Fortinet. It blocks threats such as cross-site scripting, SQL injection, cookie poisoning and schema poisoning to secure web applications and protect sensitive database content.

Impact: A remote unauthenticated attacker may be able to trick a user into making an unintentional request to the web administration interface, via a link or JavaScript hosted on a malicious web page. This forged request may be treated as authentic and result in unauthorized actions in the web administration interface. A successful attack requires the administrator to be logged in and the attacker to know the internal FortiWeb administration URL.

Affected Products: FortiWeb 5.1.x and lower.

Solutions: Upgrade to FortiWeb 5.2.0 or higher.

Acknowledgement: This vulnerability was separately reported by both William Costa and Enrique Nissim.

Trust: 2.88

sources: NVD: CVE-2014-3115 // CERT/CC: VU#902790 // JVNDB: JVNDB-2014-002405 // BID: 67235 // VULHUB: VHN-71054 // VULMON: CVE-2014-3115 // PACKETSTORM: 126543
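The forgery path the advisory describes (a logged-in administrator's browser being made to submit a cross-site POST to the admin console, here system/config/adminadd) and the two controls that close it, as an added Python model that is not FortiWeb's code. The endpoint path is taken from the advisory; the console URL, cookie name, form field names, attacker origin and handler names are assumptions for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed model of a cookie-authenticated admin console (added example, not
# FortiWeb code). The endpoint path comes from the advisory; the cookie name,
# form field names and origins are assumptions.
ADMIN_ADD_PATH = "/system/config/adminadd"
CONSOLE_ORIGIN = "https://fortiweb.internal"   # assumed internal admin URL
ATTACKER_ORIGIN = "https://attacker.example"   # assumed malicious page


@dataclass
class Request:
    method: str
    path: str
    headers: dict
    cookies: dict
    form: dict


# What the attacker hosts: an auto-submitting form. The victim's browser attaches
# the console session cookie to the cross-site POST on its own.
ATTACK_PAGE = (
    f'<form id="f" action="{CONSOLE_ORIGIN}{ADMIN_ADD_PATH}" method="POST">'
    '<input type="hidden" name="name" value="backdoor">'
    '<input type="hidden" name="password" value="Hunter2!"></form>'
    '<script>document.getElementById("f").submit()</script>'
)


@dataclass
class Console:
    sessions: dict = field(default_factory=dict)  # session id -> {"user", "csrf"}
    admins: list = field(default_factory=list)

    def login(self, user: str) -> str:
        """Issue a session cookie and a per-session synchronizer token."""
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": user, "csrf": secrets.token_hex(32)}
        return sid

    def _authenticated(self, req: Request):
        if req.method != "POST" or req.path != ADMIN_ADD_PATH:
            return None
        return self.sessions.get(req.cookies.get("session"))

    def adminadd_vulnerable(self, req: Request) -> int:
        """Pre-5.2.0 pattern: a valid session cookie alone authorises the change."""
        sess = self._authenticated(req)
        if sess is None:
            return 403
        self.admins.append(req.form["name"])
        return 200

    def adminadd_hardened(self, req: Request) -> int:
        """Same endpoint with two independent CSRF controls, failing closed."""
        sess = self._authenticated(req)
        if sess is None:
            return 403
        # Control 1: browser-set Origin (or Referer) must be the console itself;
        # an attacker page cannot set these headers in the victim's browser.
        origin = req.headers.get("Origin") or req.headers.get("Referer", "")
        if not origin.startswith(CONSOLE_ORIGIN):
            return 403
        # Control 2: the form must carry the per-session token, which the
        # attacker cannot read cross-origin. Constant-time compare, no timing oracle.
        if not hmac.compare_digest(req.form.get("csrf_token", ""), sess["csrf"]):
            return 403
        self.admins.append(req.form["name"])
        return 200


def forged_request(sid: str) -> Request:
    """The request ATTACK_PAGE makes a logged-in victim's browser send."""
    return Request("POST", ADMIN_ADD_PATH, headers={"Origin": ATTACKER_ORIGIN},
                   cookies={"session": sid},
                   form={"name": "backdoor", "password": "Hunter2!"})


def legitimate_request(console: Console, sid: str) -> Request:
    """A request from the console's own admin-add page, carrying its token."""
    return Request("POST", ADMIN_ADD_PATH, headers={"Origin": CONSOLE_ORIGIN},
                   cookies={"session": sid},
                   form={"name": "ops2", "password": "Hunter2!",
                         "csrf_token": console.sessions[sid]["csrf"]})


def demo() -> dict:
    """Drive both handlers with the same forged request; return the outcomes."""
    console = Console()
    sid = console.login("admin")  # precondition from the advisory: admin logged in
    results = {
        "vulnerable_forged": console.adminadd_vulnerable(forged_request(sid)),
        "hardened_forged": console.adminadd_hardened(forged_request(sid)),
        "hardened_legit": console.adminadd_hardened(legitimate_request(console, sid)),
    }
    results["admins"] = list(console.admins)
    return results
```

forged_request models exactly the preconditions in the CERT/CC impact text: the session cookie rides along automatically, and the internal console URL is hard-coded into the attacker's page. The Origin/Referer check is deliberately fail-closed, because some browsers and proxies strip those headers; on its own it is not a complete defence, which is why the per-session token is the primary control and the header check a second layer.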

AFFECTED PRODUCTS

vendor: fortinet, model: fortiweb, scope: eq, version: 5.1.2

Trust: 1.6

vendor: fortinet, model: fortiweb, scope: eq, version: 5.1.3

Trust: 1.6

vendor: fortinet, model: fortiweb, scope: eq, version: 5.1.0

Trust: 1.6

vendor: fortinet, model: fortiweb, scope: eq, version: 5.1.1

Trust: 1.6

vendor: fortinet, model: fortiweb, scope: lte, version: 5.1.4

Trust: 1.0

vendor: fortinet, model: -, scope: -, version: -

Trust: 0.8

vendor: fortinet, model: fortiweb, scope: lte, version: 5.1

Trust: 0.8

vendor: fortinet, model: fortiweb, scope: eq, version: 5.1.4

Trust: 0.6

sources: CERT/CC: VU#902790 // JVNDB: JVNDB-2014-002405 // CNNVD: CNNVD-201405-192 // NVD: CVE-2014-3115

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3115
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3115
value: MEDIUM

Trust: 0.8

IPA: JVNDB-2014-002405
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201405-192
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71054
value: MEDIUM

Trust: 0.1

VULMON: CVE-2014-3115
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3115
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2014-3115
severity: MEDIUM
baseScore: 5.8
vectorString: NONE
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2014-002405
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-71054
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#902790 // VULHUB: VHN-71054 // VULMON: CVE-2014-3115 // JVNDB: JVNDB-2014-002405 // CNNVD: CNNVD-201405-192 // NVD: CVE-2014-3115

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 2.7

sources: CERT/CC: VU#902790 // VULHUB: VHN-71054 // JVNDB: JVNDB-2014-002405 // NVD: CVE-2014-3115

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-192

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201405-192

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002405

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#902790 // VULHUB: VHN-71054

PATCH

title: FortiWeb Cross-Site Request Forgery Vulnerability, url: http://www.fortiguard.com/advisory/FG-IR-14-013/

Trust: 0.8

sources: JVNDB: JVNDB-2014-002405

EXTERNAL IDS

db: NVD, id: CVE-2014-3115

Trust: 3.0

db: CERT/CC, id: VU#902790

Trust: 2.8

db: SECTRACK, id: 1030200

Trust: 1.2

db: JVN, id: JVNVU99180587

Trust: 0.8

db: JVNDB, id: JVNDB-2014-002405

Trust: 0.8

db: CNNVD, id: CNNVD-201405-192

Trust: 0.7

db: BID, id: 67235

Trust: 0.4

db: PACKETSTORM, id: 126543

Trust: 0.2

db: VULHUB, id: VHN-71054

Trust: 0.1

db: VULMON, id: CVE-2014-3115

Trust: 0.1

sources: CERT/CC: VU#902790 // VULHUB: VHN-71054 // VULMON: CVE-2014-3115 // BID: 67235 // JVNDB: JVNDB-2014-002405 // PACKETSTORM: 126543 // CNNVD: CNNVD-201405-192 // NVD: CVE-2014-3115

REFERENCES

url:http://www.fortiguard.com/advisory/fg-ir-14-013/

Trust: 2.6

url:http://www.kb.cert.org/vuls/id/902790

Trust: 2.0

url:http://seclists.org/fulldisclosure/2014/may/30

Trust: 1.2

url:http://www.securitytracker.com/id/1030200

Trust: 1.2

url:http://cwe.mitre.org/data/definitions/352.html

Trust: 0.9

url:http://www.fortinet.com/products/fortiweb/

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3115

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99180587/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3115

Trust: 0.8

url:http://www.fortinet.com/

Trust: 0.3

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3115

Trust: 0.1

sources: CERT/CC: VU#902790 // VULHUB: VHN-71054 // VULMON: CVE-2014-3115 // BID: 67235 // JVNDB: JVNDB-2014-002405 // PACKETSTORM: 126543 // CNNVD: CNNVD-201405-192 // NVD: CVE-2014-3115

CREDITS

William Costa and Enrique Nissim

Trust: 0.3

sources: BID: 67235

SOURCES

db: CERT/CC, id: VU#902790
db: VULHUB, id: VHN-71054
db: VULMON, id: CVE-2014-3115
db: BID, id: 67235
db: JVNDB, id: JVNDB-2014-002405
db: PACKETSTORM, id: 126543
db: CNNVD, id: CNNVD-201405-192
db: NVD, id: CVE-2014-3115

LAST UPDATE DATE

2024-09-09T23:20:05.052000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#902790, date: 2014-05-07T00:00:00
db: VULHUB, id: VHN-71054, date: 2015-08-01T00:00:00
db: VULMON, id: CVE-2014-3115, date: 2015-08-01T00:00:00
db: BID, id: 67235, date: 2014-05-08T01:11:00
db: JVNDB, id: JVNDB-2014-002405, date: 2014-05-12T00:00:00
db: CNNVD, id: CNNVD-201405-192, date: 2014-05-12T00:00:00
db: NVD, id: CVE-2014-3115, date: 2015-08-01T01:37:30.260

SOURCES RELEASE DATE

db: CERT/CC, id: VU#902790, date: 2014-05-07T00:00:00
db: VULHUB, id: VHN-71054, date: 2014-05-08T00:00:00
db: VULMON, id: CVE-2014-3115, date: 2014-05-08T00:00:00
db: BID, id: 67235, date: 2014-05-02T00:00:00
db: JVNDB, id: JVNDB-2014-002405, date: 2014-05-08T00:00:00
db: PACKETSTORM, id: 126543, date: 2014-05-07T19:32:22
db: CNNVD, id: CNNVD-201405-192, date: 2014-05-12T00:00:00
db: NVD, id: CVE-2014-3115, date: 2014-05-08T14:29:14.830