Sign-up

ID

VAR-201505-0128


CVE

CVE-2014-8619


TITLE

Fortinet FortiWeb Cross-site scripting vulnerability in the automatic learning settings page

Trust: 0.8

sources: JVNDB: JVNDB-2014-008043

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Fortinet FortiWeb is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content

Trust: 2.07

sources: NVD: CVE-2014-8619 // JVNDB: JVNDB-2014-008043 // BID: 74679 // VULHUB: VHN-76564 // VULMON: CVE-2014-8619

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiwebscope:eqversion:5.3.1

Trust: 1.9

vendor:fortinetmodel:fortiwebscope:eqversion:5.1.4

Trust: 1.9

vendor:fortinetmodel:fortiwebscope:eqversion:5.1.3

Trust: 1.9

vendor:fortinetmodel:fortiwebscope:eqversion:5.1.2

Trust: 1.9

vendor:fortinetmodel:fortiwebscope:eqversion:5.2.1

Trust: 1.6

vendor:fortinetmodel:fortiwebscope:eqversion:5.3.0

Trust: 1.6

vendor:fortinetmodel:fortiwebscope:eqversion:5.2.2

Trust: 1.6

vendor:fortinetmodel:fortiwebscope:eqversion:5.2.3

Trust: 1.6

vendor:fortinetmodel:fortiwebscope:eqversion:5.2.4

Trust: 1.6

vendor:fortinetmodel:fortiwebscope:eqversion:5.2.0

Trust: 1.6

vendor:fortinetmodel:fortiwebscope:eqversion:5.3.4

Trust: 1.3

vendor:fortinetmodel:fortiwebscope:eqversion:5.3.3

Trust: 1.3

vendor:fortinetmodel:fortiwebscope:eqversion:5.3.2

Trust: 1.3

vendor:fortinetmodel:fortiwebscope:eqversion:5.1.2 to 5.3.4

Trust: 0.8

vendor:fortinetmodel:fortiwebscope:neversion:5.3.5

Trust: 0.3

sources: BID: 74679 // JVNDB: JVNDB-2014-008043 // CNNVD: CNNVD-201505-096 // NVD: CVE-2014-8619

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8619
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8619
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201505-096
value: MEDIUM

Trust: 0.6

VULHUB: VHN-76564
value: MEDIUM

Trust: 0.1

VULMON: CVE-2014-8619
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8619
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-76564
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-76564 // VULMON: CVE-2014-8619 // JVNDB: JVNDB-2014-008043 // CNNVD: CNNVD-201505-096 // NVD: CVE-2014-8619

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-76564 // JVNDB: JVNDB-2014-008043 // NVD: CVE-2014-8619

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-096

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201505-096

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008043

PATCH
title:Multiple products cross-site scripting vulnerabilitiesurl:http://www.fortiguard.com/advisory/FG-IR-15-005/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-008043

EXTERNAL IDS
db:NVDid:CVE-2014-8619
Trust: 2.9
db:SECTRACKid:1032307
Trust: 1.2
db:JVNDBid:JVNDB-2014-008043
Trust: 0.8
db:CNNVDid:CNNVD-201505-096
Trust: 0.7
db:BIDid:74679
Trust: 0.4
db:VULHUBid:VHN-76564
Trust: 0.1
db:VULMONid:CVE-2014-8619
Trust: 0.1
sources:
            
            
            VULHUB: VHN-76564 // 
            
            
            
            VULMON: CVE-2014-8619 // 
            
            
            
            BID: 74679 // 
            
            
            
            JVNDB: JVNDB-2014-008043 // 
            
            
            
            CNNVD: CNNVD-201505-096 // 
            
            
            
            NVD: CVE-2014-8619

REFERENCES
url:http://www.fortiguard.com/advisory/fg-ir-15-005/
Trust: 2.1
url:http://www.securitytracker.com/id/1032307
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8619
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8619
Trust: 0.8
url:https://www.fortinet.com/products/fortigate/fortios.html
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/79.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-76564 // 
            
            
            
            VULMON: CVE-2014-8619 // 
            
            
            
            BID: 74679 // 
            
            
            
            JVNDB: JVNDB-2014-008043 // 
            
            
            
            CNNVD: CNNVD-201505-096 // 
            
            
            
            NVD: CVE-2014-8619

CREDITS
Jared Haight, William Costa, and Benjamin Kunz Mejri (Vulnerability Laboratory, Evolution Security GmbH).
Trust: 0.3
sources:
            
            
            BID: 74679

SOURCES
db:VULHUBid:VHN-76564
db:VULMONid:CVE-2014-8619
db:BIDid:74679
db:JVNDBid:JVNDB-2014-008043
db:CNNVDid:CNNVD-201505-096
db:NVDid:CVE-2014-8619

LAST UPDATE DATE
2024-08-14T15:19:01.497000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-76564date:2017-01-03T00:00:00
db:VULMONid:CVE-2014-8619date:2017-01-03T00:00:00
db:BIDid:74679date:2015-02-25T00:00:00
db:JVNDBid:JVNDB-2014-008043date:2015-05-14T00:00:00
db:CNNVDid:CNNVD-201505-096date:2015-05-13T00:00:00
db:NVDid:CVE-2014-8619date:2017-01-03T02:59:20.457

SOURCES RELEASE DATE
db:VULHUBid:VHN-76564date:2015-05-12T00:00:00
db:VULMONid:CVE-2014-8619date:2015-05-12T00:00:00
db:BIDid:74679date:2015-02-25T00:00:00
db:JVNDBid:JVNDB-2014-008043date:2015-05-14T00:00:00
db:CNNVDid:CNNVD-201505-096date:2015-05-13T00:00:00
db:NVDid:CVE-2014-8619date:2015-05-12T19:59:02.643