ID

VAR-201408-0330


CVE

CVE-2014-2216


TITLE

FortiNet FortiGate and FortiWiFi appliances contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#730964

DESCRIPTION

The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request. Fortinet FortiGate and FortiWiFi appliances are susceptible to man-in-the-middle attacks (CWE-300) and a heap-based overflow vulnerability (CWE-122). In addition, JVNVU#96848844 Then CWE-300 and CWE-122 Published as. Fortinet FortiOS is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. FortiManager protocol service versions prior to FortiOS 4.3.16 and FortiOS versions prior to 5.0.8 on FortiGate units have a security vulnerability

Trust: 2.7

sources: NVD: CVE-2014-2216 // CERT/CC: VU#730964 // JVNDB: JVNDB-2014-003933 // BID: 69338 // VULHUB: VHN-70155

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiosscope:eqversion:5.0.3

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:5.0.4

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:4.3.14

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:4.3.12

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:5.0.6

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:5.0.5

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:5.0.7

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:4.3.13

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:5.0.0

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:4.3.10

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:4.3.15

Trust: 1.0

vendor:fortinetmodel: - scope: - version: -

Trust: 0.8

vendor:fortinetmodel:fortiosscope:ltversion:4.3.16

Trust: 0.8

vendor:fortinetmodel:fortiosscope:ltversion:5.0.0 thats all 5.0.8

Trust: 0.8

vendor:fortinetmodel:fortiosscope:eqversion:4.3.15

Trust: 0.6

sources: CERT/CC: VU#730964 // JVNDB: JVNDB-2014-003933 // CNNVD: CNNVD-201408-350 // NVD: CVE-2014-2216

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2216
value: HIGH

Trust: 1.0

NVD: CVE-2014-2216
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201408-350
value: HIGH

Trust: 0.6

VULHUB: VHN-70155
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-2216
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70155
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70155 // JVNDB: JVNDB-2014-003933 // CNNVD: CNNVD-201408-350 // NVD: CVE-2014-2216

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-300

Trust: 0.8

problemtype:CWE-122

Trust: 0.8

problemtype:CWE-Other

Trust: 0.8

problemtype:CWE-noinfo

Trust: 0.8

sources: CERT/CC: VU#730964 // JVNDB: JVNDB-2014-003933 // NVD: CVE-2014-2216

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-350

TYPE

Unknown

Trust: 0.3

sources: BID: 69338

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003933

PATCH

title:FortiGate Vulnerability in FortiManager Serviceurl:http://www.fortiguard.com/advisory/FG-IR-14-006/

Trust: 0.8

sources: JVNDB: JVNDB-2014-003933

EXTERNAL IDS

db:NVDid:CVE-2014-2216

Trust: 2.8

db:CERT/CCid:VU#730964

Trust: 2.2

db:BIDid:69338

Trust: 2.0

db:SECUNIAid:60724

Trust: 1.7

db:SECTRACKid:1030753

Trust: 1.1

db:JVNid:JVNVU96848844

Trust: 0.8

db:JVNDBid:JVNDB-2014-003933

Trust: 0.8

db:CNNVDid:CNNVD-201408-350

Trust: 0.7

db:VULHUBid:VHN-70155

Trust: 0.1

sources: CERT/CC: VU#730964 // VULHUB: VHN-70155 // BID: 69338 // JVNDB: JVNDB-2014-003933 // CNNVD: CNNVD-201408-350 // NVD: CVE-2014-2216

REFERENCES

url:http://www.fortiguard.com/advisory/fg-ir-14-006/

Trust: 2.8

url:http://secunia.com/advisories/60724

Trust: 2.3

url:http://www.securityfocus.com/bid/69338

Trust: 1.7

url:http://www.kb.cert.org/vuls/id/730964

Trust: 1.4

url:http://www.securitytracker.com/id/1030753

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/95442

Trust: 1.1

url:https://cwe.mitre.org/data/definitions/122.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/300.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2216

Trust: 0.8

url:http://jvn.jp/vu/jvnvu96848844/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2216

Trust: 0.8

url:https://www.fortinet.com/products/fortigate/fortios.html

Trust: 0.3

sources: CERT/CC: VU#730964 // VULHUB: VHN-70155 // BID: 69338 // JVNDB: JVNDB-2014-003933 // CNNVD: CNNVD-201408-350 // NVD: CVE-2014-2216

CREDITS

Gregor Kopf (Recurity Labs)

Trust: 0.9

sources: BID: 69338 // CNNVD: CNNVD-201408-350

SOURCES

db:CERT/CCid:VU#730964
db:VULHUBid:VHN-70155
db:BIDid:69338
db:JVNDBid:JVNDB-2014-003933
db:CNNVDid:CNNVD-201408-350
db:NVDid:CVE-2014-2216

LAST UPDATE DATE

2024-08-14T14:34:06.521000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#730964date:2014-09-19T00:00:00
db:VULHUBid:VHN-70155date:2017-08-29T00:00:00
db:BIDid:69338date:2014-09-22T18:18:00
db:JVNDBid:JVNDB-2014-003933date:2014-09-26T00:00:00
db:CNNVDid:CNNVD-201408-350date:2014-08-26T00:00:00
db:NVDid:CVE-2014-2216date:2017-08-29T01:34:29.857

SOURCES RELEASE DATE

db:CERT/CCid:VU#730964date:2014-09-19T00:00:00
db:VULHUBid:VHN-70155date:2014-08-25T00:00:00
db:BIDid:69338date:2014-08-19T00:00:00
db:JVNDBid:JVNDB-2014-003933date:2014-08-27T00:00:00
db:CNNVDid:CNNVD-201408-350date:2014-08-22T00:00:00
db:NVDid:CVE-2014-2216date:2014-08-25T14:55:06.377