ID

VAR-201411-0467


CVE

CVE-2014-8582


TITLE

FortiADC-E Unauthorized Access Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-07894 // BID: 70803

DESCRIPTION

Fortinet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allow remote attackers to obtain access to arbitrary subnets via unspecified vectors. FortiADC-E is an application delivery controller developed by the company. FortiADC-E has security vulnerabilities that allow non-privileged users to inject messages into the FortiADC-E-configured network or communicate with hosts configured on the FortiADC-E network. FortiADC-E is prone to an unauthorized-access vulnerability. Successful exploits will allow attackers to gain unauthorized access to network resources, which may aid in further attacks. Fortinet FortiADC-E and Coyote Point Equalizer are both Fortinet application delivery controllers, which can optimize network availability, user experience, mobile performance and cloud-based enterprise application control, enhance server efficiency, and reduce data center network complexity and cost.

Trust: 2.52

sources: NVD: CVE-2014-8582 // JVNDB: JVNDB-2014-005193 // CNVD: CNVD-2014-07894 // BID: 70803 // VULHUB: VHN-76527

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-07894

AFFECTED PRODUCTS

vendor: fortinet, model: coyote point equalizer, scope: eq, version: 10.2.0a

Trust: 2.4

vendor: fortinet, model: fortiadc, scope: eq, version: 3.2.1

Trust: 1.6

vendor: fortinet, model: fortiadc, scope: eq, version: 4.0.4

Trust: 1.6

vendor: fortinet, model: fortiadc, scope: eq, version: 3.2.0

Trust: 1.6

vendor: fortinet, model: fortiadc, scope: eq, version: 3.1.1

Trust: 1.6

vendor: fortinet, model: fortiadc-1000e, scope: eq, version: -

Trust: 1.0

vendor: fortinet, model: coyote point equalizer, scope: eq, version: -

Trust: 1.0

vendor: fortinet, model: fortiadc-300e, scope: eq, version: -

Trust: 1.0

vendor: fortinet, model: fortiadc-400e, scope: eq, version: -

Trust: 1.0

vendor: fortinet, model: fortiadc-600e, scope: eq, version: -

Trust: 1.0

vendor: fortinet, model: coyote point equalizer, scope: -, version: -

Trust: 0.8

vendor: fortinet, model: fortiadc, scope: lt, version: 3.1.1 before 4.0.5

Trust: 0.8

vendor: fortinet, model: fortiadc-1000e, scope: -, version: -

Trust: 0.8

vendor: fortinet, model: fortiadc-300e, scope: -, version: -

Trust: 0.8

vendor: fortinet, model: fortiadc-400e, scope: -, version: -

Trust: 0.8

vendor: fortinet, model: fortiadc-600e, scope: -, version: -

Trust: 0.8

vendor: fortiguard, model: fortiadc-e, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2014-07894 // JVNDB: JVNDB-2014-005193 // CNNVD: CNNVD-201410-1408 // NVD: CVE-2014-8582

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8582
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8582
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-07894
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201410-1408
value: MEDIUM

Trust: 0.6

VULHUB: VHN-76527
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8582
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-07894
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-76527
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-07894 // VULHUB: VHN-76527 // JVNDB: JVNDB-2014-005193 // CNNVD: CNNVD-201410-1408 // NVD: CVE-2014-8582

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-8582

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-1408

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201410-1408

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005193

PATCH

title: FortiADC-E remote network access vulnerability, url: http://www.fortiguard.com/advisory/FG-IR-14-032/

Trust: 0.8

title: FortiADC v4.0 Patch Release5 E Series Release Notes, url: http://docs.fortinet.com/uploaded/files/2164/FortiADC-E-4.0.5-GA-Release-Notes.pdf

Trust: 0.8

title: Patch for the FortiADC-E unauthorized access vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/51480

Trust: 0.6

sources: CNVD: CNVD-2014-07894 // JVNDB: JVNDB-2014-005193

EXTERNAL IDS

db: NVD, id: CVE-2014-8582

Trust: 3.4

db: BID, id: 70803

Trust: 1.6

db: SECUNIA, id: 61866

Trust: 1.1

db: JVNDB, id: JVNDB-2014-005193

Trust: 0.8

db: CNNVD, id: CNNVD-201410-1408

Trust: 0.7

db: CNVD, id: CNVD-2014-07894

Trust: 0.6

db: XF, id: 98384

Trust: 0.6

db: VULHUB, id: VHN-76527

Trust: 0.1

sources: CNVD: CNVD-2014-07894 // VULHUB: VHN-76527 // BID: 70803 // JVNDB: JVNDB-2014-005193 // CNNVD: CNNVD-201410-1408 // NVD: CVE-2014-8582

REFERENCES

url:http://www.fortiguard.com/advisory/fg-ir-14-032/

Trust: 2.3

url:http://docs.fortinet.com/uploaded/files/2164/fortiadc-e-4.0.5-ga-release-notes.pdf

Trust: 1.7

url:http://secunia.com/advisories/61866

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/98384

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8582

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8582

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/98384

Trust: 0.6

url:http://www.securityfocus.com/bid/70803

Trust: 0.6

sources: CNVD: CNVD-2014-07894 // VULHUB: VHN-76527 // JVNDB: JVNDB-2014-005193 // CNNVD: CNNVD-201410-1408 // NVD: CVE-2014-8582

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 70803

SOURCES

db: CNVD, id: CNVD-2014-07894
db: VULHUB, id: VHN-76527
db: BID, id: 70803
db: JVNDB, id: JVNDB-2014-005193
db: CNNVD, id: CNNVD-201410-1408
db: NVD, id: CVE-2014-8582

LAST UPDATE DATE

2024-08-14T14:27:44.156000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-07894, date: 2014-11-04T00:00:00
db: VULHUB, id: VHN-76527, date: 2017-09-08T00:00:00
db: BID, id: 70803, date: 2014-11-04T16:57:00
db: JVNDB, id: JVNDB-2014-005193, date: 2014-12-17T00:00:00
db: CNNVD, id: CNNVD-201410-1408, date: 2014-11-04T00:00:00
db: NVD, id: CVE-2014-8582, date: 2017-09-08T01:29:25.153

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-07894, date: 2014-11-04T00:00:00
db: VULHUB, id: VHN-76527, date: 2014-11-01T00:00:00
db: BID, id: 70803, date: 2014-10-29T00:00:00
db: JVNDB, id: JVNDB-2014-005193, date: 2014-11-05T00:00:00
db: CNNVD, id: CNNVD-201410-1408, date: 2014-10-30T00:00:00
db: NVD, id: CVE-2014-8582, date: 2014-11-01T23:55:09.823