Sign-up

ID

VAR-201505-0126


CVE

CVE-2014-8616


TITLE

Fortinet FortiOS Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2014-008045

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus. Fortinet FortiOS is prone to multiple cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam

Trust: 1.98

sources: NVD: CVE-2014-8616 // JVNDB: JVNDB-2014-008045 // BID: 72562 // VULHUB: VHN-76561

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiosscope:eqversion:5.2.2

Trust: 1.9

vendor:fortinetmodel:fortiosscope:eqversion:5.2.1

Trust: 1.9

vendor:fortinetmodel:fortiosscope:eqversion:5.2.0

Trust: 1.9

vendor:fortinetmodel:fortiosscope:eqversion:5.2.3

Trust: 0.8

vendor:fortinetmodel:fortiosscope:ltversion:5.2.x

Trust: 0.8

vendor:fortinetmodel:fortiosscope:eqversion:5.0.9

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.8

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.7

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.3

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.2

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.1

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.7.7

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.17

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.15

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.10

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.8

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:3.0

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:2.80

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:2.50

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:2.36

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.6

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.5

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.4

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.0

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.18

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.16

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.14

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.13

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.12

Trust: 0.3

vendor:fortinetmodel:fortiosscope:neversion:5.2.3

Trust: 0.3

sources: BID: 72562 // JVNDB: JVNDB-2014-008045 // CNNVD: CNNVD-201505-094 // NVD: CVE-2014-8616

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8616
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8616
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201505-094
value: MEDIUM

Trust: 0.6

VULHUB: VHN-76561
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8616
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-76561
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-76561 // JVNDB: JVNDB-2014-008045 // CNNVD: CNNVD-201505-094 // NVD: CVE-2014-8616

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-76561 // JVNDB: JVNDB-2014-008045 // NVD: CVE-2014-8616

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-094

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201505-094

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008045

PATCH
title:Multiple products cross-site scripting vulnerabilitiesurl:http://www.fortiguard.com/advisory/FG-IR-15-005/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-008045

EXTERNAL IDS
db:NVDid:CVE-2014-8616
Trust: 2.8
db:SECTRACKid:1032262
Trust: 1.1
db:SECTRACKid:1032261
Trust: 1.1
db:SECTRACKid:1032264
Trust: 1.1
db:SECTRACKid:1032265
Trust: 1.1
db:JVNDBid:JVNDB-2014-008045
Trust: 0.8
db:CNNVDid:CNNVD-201505-094
Trust: 0.7
db:BIDid:72562
Trust: 0.4
db:VULHUBid:VHN-76561
Trust: 0.1
sources:
            
            
            VULHUB: VHN-76561 // 
            
            
            
            BID: 72562 // 
            
            
            
            JVNDB: JVNDB-2014-008045 // 
            
            
            
            CNNVD: CNNVD-201505-094 // 
            
            
            
            NVD: CVE-2014-8616

REFERENCES
url:http://www.fortiguard.com/advisory/fg-ir-15-005/
Trust: 2.0
url:http://www.securitytracker.com/id/1032261
Trust: 1.1
url:http://www.securitytracker.com/id/1032262
Trust: 1.1
url:http://www.securitytracker.com/id/1032264
Trust: 1.1
url:http://www.securitytracker.com/id/1032265
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8616
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8616
Trust: 0.8
url:http://www.fortinet.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-76561 // 
            
            
            
            BID: 72562 // 
            
            
            
            JVNDB: JVNDB-2014-008045 // 
            
            
            
            CNNVD: CNNVD-201505-094 // 
            
            
            
            NVD: CVE-2014-8616

CREDITS
Jared Haight, William Costa and Benjamin Kunz Mejri
Trust: 0.3
sources:
            
            
            BID: 72562

SOURCES
db:VULHUBid:VHN-76561
db:BIDid:72562
db:JVNDBid:JVNDB-2014-008045
db:CNNVDid:CNNVD-201505-094
db:NVDid:CVE-2014-8616

LAST UPDATE DATE
2024-08-14T13:47:42.523000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-76561date:2017-01-03T00:00:00
db:BIDid:72562date:2015-02-25T00:00:00
db:JVNDBid:JVNDB-2014-008045date:2015-05-14T00:00:00
db:CNNVDid:CNNVD-201505-094date:2015-05-13T00:00:00
db:NVDid:CVE-2014-8616date:2017-01-03T02:59:20.347

SOURCES RELEASE DATE
db:VULHUBid:VHN-76561date:2015-05-12T00:00:00
db:BIDid:72562date:2015-02-25T00:00:00
db:JVNDBid:JVNDB-2014-008045date:2015-05-14T00:00:00
db:CNNVDid:CNNVD-201505-094date:2015-05-13T00:00:00
db:NVDid:CVE-2014-8616date:2015-05-12T19:59:00.097