Details of VAR-201405-0423

ID

VAR-201405-0423

CVE

CVE-2014-3115

TITLE

Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability

Trust: 0.8

sources: CERT/CC: VU#902790

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors. Fortinet Fortiweb prior to version 5.2.0 do not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery (CSRF) vulnerability. (CWE-352). Fortinet FortiWeb is prone to multiple cross-site request-forgery vulnerabilities because it does not properly validate HTTP requests. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. Fortinet FortiWeb 5.1.x and prior versions are vulnerable. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content. Impact A remote unauthenticated attacker may be able to trick a user into making an unintentional request to the web administration interface, via link or JavaScript hosted on a malicious web page. This forged request may be treated as authentic and result in unauthorized actions in the web administration interface. A successful attack would require the administrator to be logged in, and attacker knowledge of the internal FortiWeb administration URL. Affected Products FortiWeb 5.1.x and lower. Solutions Upgrade to FortiWeb 5.2.0 or higher. Acknowledgement This vulnerability was separately reported by both William Costa and Enrique Nissim

Trust: 2.88

sources: NVD: CVE-2014-3115 // CERT/CC: VU#902790 // JVNDB: JVNDB-2014-002405 // BID: 67235 // VULHUB: VHN-71054 // VULMON: CVE-2014-3115 // PACKETSTORM: 126543

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiweb	scope:	eq	version:	5.1.2	Trust: 1.6
vendor:	fortinet	model:	fortiweb	scope:	eq	version:	5.1.3	Trust: 1.6
vendor:	fortinet	model:	fortiweb	scope:	eq	version:	5.1.0	Trust: 1.6
vendor:	fortinet	model:	fortiweb	scope:	eq	version:	5.1.1	Trust: 1.6
vendor:	fortinet	model:	fortiweb	scope:	lte	version:	5.1.4	Trust: 1.0
vendor:	fortinet	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortiweb	scope:	lte	version:	5.1	Trust: 0.8
vendor:	fortinet	model:	fortiweb	scope:	eq	version:	5.1.4	Trust: 0.6

sources: CERT/CC: VU#902790 // JVNDB: JVNDB-2014-002405 // CNNVD: CNNVD-201405-192 // NVD: CVE-2014-3115

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3115
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3115
value:	MEDIUM
Trust: 0.8
IPA:	JVNDB-2014-002405
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201405-192
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71054
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-3115
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3115
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	CVE-2014-3115
severity:	MEDIUM
baseScore:	5.8
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
IPA:	JVNDB-2014-002405
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-71054
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#902790 // VULHUB: VHN-71054 // VULMON: CVE-2014-3115 // JVNDB: JVNDB-2014-002405 // CNNVD: CNNVD-201405-192 // NVD: CVE-2014-3115

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 2.7

sources: CERT/CC: VU#902790 // VULHUB: VHN-71054 // JVNDB: JVNDB-2014-002405 // NVD: CVE-2014-3115

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-192

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201405-192

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002405

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#902790 // VULHUB: VHN-71054

PATCH

title:

FortiWeb Cross-Site Request Forgery Vulnerability

url:

http://www.fortiguard.com/advisory/FG-IR-14-013/

Trust: 0.8

sources: JVNDB: JVNDB-2014-002405

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3115	Trust: 3.0
db:	CERT/CC	id:	VU#902790	Trust: 2.8
db:	SECTRACK	id:	1030200	Trust: 1.2
db:	JVN	id:	JVNVU99180587	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-002405	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-192	Trust: 0.7
db:	BID	id:	67235	Trust: 0.4
db:	PACKETSTORM	id:	126543	Trust: 0.2
db:	VULHUB	id:	VHN-71054	Trust: 0.1
db:	VULMON	id:	CVE-2014-3115	Trust: 0.1

sources: CERT/CC: VU#902790 // VULHUB: VHN-71054 // VULMON: CVE-2014-3115 // BID: 67235 // JVNDB: JVNDB-2014-002405 // PACKETSTORM: 126543 // CNNVD: CNNVD-201405-192 // NVD: CVE-2014-3115

REFERENCES

url:	http://www.fortiguard.com/advisory/fg-ir-14-013/	Trust: 2.6
url:	http://www.kb.cert.org/vuls/id/902790	Trust: 2.0
url:	http://seclists.org/fulldisclosure/2014/may/30	Trust: 1.2
url:	http://www.securitytracker.com/id/1030200	Trust: 1.2
url:	http://cwe.mitre.org/data/definitions/352.html	Trust: 0.9
url:	http://www.fortinet.com/products/fortiweb/	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3115	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99180587/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3115	Trust: 0.8
url:	http://www.fortinet.com/	Trust: 0.3
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3115	Trust: 0.1

CREDITS

William Costa, and Enrique Nissim

Trust: 0.3

sources: BID: 67235

SOURCES

db:	CERT/CC	id:	VU#902790
db:	VULHUB	id:	VHN-71054
db:	VULMON	id:	CVE-2014-3115
db:	BID	id:	67235
db:	JVNDB	id:	JVNDB-2014-002405
db:	PACKETSTORM	id:	126543
db:	CNNVD	id:	CNNVD-201405-192
db:	NVD	id:	CVE-2014-3115

LAST UPDATE DATE

2024-09-09T23:20:05.052000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#902790	date:	2014-05-07T00:00:00
db:	VULHUB	id:	VHN-71054	date:	2015-08-01T00:00:00
db:	VULMON	id:	CVE-2014-3115	date:	2015-08-01T00:00:00
db:	BID	id:	67235	date:	2014-05-08T01:11:00
db:	JVNDB	id:	JVNDB-2014-002405	date:	2014-05-12T00:00:00
db:	CNNVD	id:	CNNVD-201405-192	date:	2014-05-12T00:00:00
db:	NVD	id:	CVE-2014-3115	date:	2015-08-01T01:37:30.260

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#902790	date:	2014-05-07T00:00:00
db:	VULHUB	id:	VHN-71054	date:	2014-05-08T00:00:00
db:	VULMON	id:	CVE-2014-3115	date:	2014-05-08T00:00:00
db:	BID	id:	67235	date:	2014-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2014-002405	date:	2014-05-08T00:00:00
db:	PACKETSTORM	id:	126543	date:	2014-05-07T19:32:22
db:	CNNVD	id:	CNNVD-201405-192	date:	2014-05-12T00:00:00
db:	NVD	id:	CVE-2014-3115	date:	2014-05-08T14:29:14.830