Details of VAR-201505-0127

ID

VAR-201505-0127

CVE

CVE-2014-8618

TITLE

Fortinet FortiADC D Cross-site scripting vulnerability in login page for model theme

Trust: 0.8

sources: JVNDB: JVNDB-2014-008044

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Versions prior to FortiADC-D 4.2 are vulnerable. Fortinet FortiADC is an application delivery controller from Fortinet, which optimizes network availability, user experience, mobile performance and cloud-based enterprise application control, and enhances server efficiency and reduces data center network complexity. sex and cost. D is one of the modules

Trust: 1.98

sources: NVD: CVE-2014-8618 // JVNDB: JVNDB-2014-008044 // BID: 74678 // VULHUB: VHN-76563

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiadc-2000d	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortiadc-1500d	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	lte	version:	4.1.0	Trust: 1.0
vendor:	fortinet	model:	fortiadc-4000d	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortiadc-200d	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortiadc-700d	scope:	eq	version:	-	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	lt	version:	4.2	Trust: 0.8
vendor:	fortinet	model:	fortiadc-1500d	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortiadc-2000d	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortiadc-200d	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortiadc-4000d	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortiadc-700d	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortiadc	scope:	eq	version:	4.1.0	Trust: 0.6
vendor:	fortinet	model:	fortiadc-d	scope:	eq	version:	0	Trust: 0.3
vendor:	fortinet	model:	fortiadc-d	scope:	ne	version:	4.2	Trust: 0.3

sources: BID: 74678 // JVNDB: JVNDB-2014-008044 // CNNVD: CNNVD-201505-095 // NVD: CVE-2014-8618

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8618
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-8618
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201505-095
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-76563
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-8618
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-76563
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-76563 // JVNDB: JVNDB-2014-008044 // CNNVD: CNNVD-201505-095 // NVD: CVE-2014-8618

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-76563 // JVNDB: JVNDB-2014-008044 // NVD: CVE-2014-8618

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-095

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201505-095

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008044

PATCH

title:

Multiple products cross-site scripting vulnerabilities

url:

http://www.fortiguard.com/advisory/FG-IR-15-005/

Trust: 0.8

sources: JVNDB: JVNDB-2014-008044

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8618	Trust: 2.8
db:	SECTRACK	id:	1032265	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-008044	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-095	Trust: 0.7
db:	BID	id:	74678	Trust: 0.4
db:	VULHUB	id:	VHN-76563	Trust: 0.1

sources: VULHUB: VHN-76563 // BID: 74678 // JVNDB: JVNDB-2014-008044 // CNNVD: CNNVD-201505-095 // NVD: CVE-2014-8618

REFERENCES

url:	http://www.fortiguard.com/advisory/fg-ir-15-005/	Trust: 2.0
url:	http://www.securitytracker.com/id/1032265	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8618	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8618	Trust: 0.8
url:	http://www.fortinet.com/products/fortiadc/	Trust: 0.3

sources: VULHUB: VHN-76563 // BID: 74678 // JVNDB: JVNDB-2014-008044 // CNNVD: CNNVD-201505-095 // NVD: CVE-2014-8618

CREDITS

Jared Haight, William Costa and Benjamin Kunz Mejri

Trust: 0.3

sources: BID: 74678

SOURCES

db:	VULHUB	id:	VHN-76563
db:	BID	id:	74678
db:	JVNDB	id:	JVNDB-2014-008044
db:	CNNVD	id:	CNNVD-201505-095
db:	NVD	id:	CVE-2014-8618

LAST UPDATE DATE

2024-08-14T13:47:42.555000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-76563	date:	2017-01-03T00:00:00
db:	BID	id:	74678	date:	2015-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2014-008044	date:	2015-05-14T00:00:00
db:	CNNVD	id:	CNNVD-201505-095	date:	2015-05-13T00:00:00
db:	NVD	id:	CVE-2014-8618	date:	2017-01-03T02:59:20.407

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-76563	date:	2015-05-12T00:00:00
db:	BID	id:	74678	date:	2015-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2014-008044	date:	2015-05-14T00:00:00
db:	CNNVD	id:	CNNVD-201505-095	date:	2015-05-13T00:00:00
db:	NVD	id:	CVE-2014-8618	date:	2015-05-12T19:59:01.377