ID

VAR-201607-0244


CVE

CVE-2016-5092


TITLE

Fortinet FortiWeb Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2016-003761

DESCRIPTION

Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature. Fortinet FortiWeb is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker could exploit this vulnerability using directory-traversal characters ('../') to perform unauthorized actions. Versions prior to Fortinet FortiWeb 5.5.3 are vulnerable. Fortinet FortiWeb is a web application layer firewall developed by Fortinet; it can block threats such as cross-site scripting, SQL injection, cookie poisoning and schema poisoning, to secure web applications and protect sensitive database content. A directory traversal vulnerability exists in Fortinet FortiWeb versions 4.4.6 through 5.5.2.

Trust: 1.98

sources: NVD: CVE-2016-5092 // JVNDB: JVNDB-2016-003761 // BID: 91771 // VULHUB: VHN-93911

AFFECTED PRODUCTS

vendor: fortinet, model: fortiweb, scope: lte, version: 5.5.2

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 5.5.2

Trust: 0.9

vendor: fortinet, model: fortiweb, scope: lt, version: 5.5.3

Trust: 0.8

vendor: fortinet, model: fortiweb, scope: eq, version: 5.5.1

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: eq, version: 5.5

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: eq, version: 5.3.5

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: eq, version: 5.3.4

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: eq, version: 5.3.3

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: eq, version: 5.3.2

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: eq, version: 5.3.1

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: eq, version: 5.1

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: eq, version: 5.0.4

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: eq, version: 5.0.3

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: eq, version: 5.0.2

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: eq, version: 5.0.1

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: eq, version: 4.4.7

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: eq, version: 4.4.6

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: eq, version: 5.1.4

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: eq, version: 5.1.3

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: eq, version: 5.1.2

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: eq, version: 5.1.1

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: eq, version: 5.0.0

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: ne, version: 5.5.3

Trust: 0.3

sources: BID: 91771 // JVNDB: JVNDB-2016-003761 // CNNVD: CNNVD-201606-584 // NVD: CVE-2016-5092

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-5092
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-5092
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201606-584
value: MEDIUM

Trust: 0.6

VULHUB: VHN-93911
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-5092
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-93911
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-5092
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-93911 // JVNDB: JVNDB-2016-003761 // CNNVD: CNNVD-201606-584 // NVD: CVE-2016-5092

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.9

sources: VULHUB: VHN-93911 // JVNDB: JVNDB-2016-003761 // NVD: CVE-2016-5092

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-584

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201606-584

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003761

PATCH

title: Fortiweb path traversal vulnerability
url: http://fortiguard.com/advisory/fortiweb-path-traversal-vulnerability

Trust: 0.8

title: Fortinet FortiWeb Repair measures for path traversal vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62500

Trust: 0.6

sources: JVNDB: JVNDB-2016-003761 // CNNVD: CNNVD-201606-584

EXTERNAL IDS

db: NVD, id: CVE-2016-5092

Trust: 2.8

db: JVNDB, id: JVNDB-2016-003761

Trust: 0.8

db: CNNVD, id: CNNVD-201606-584

Trust: 0.7

db: BID, id: 91771

Trust: 0.4

db: VULHUB, id: VHN-93911

Trust: 0.1

sources: VULHUB: VHN-93911 // BID: 91771 // JVNDB: JVNDB-2016-003761 // CNNVD: CNNVD-201606-584 // NVD: CVE-2016-5092

REFERENCES

url: http://fortiguard.com/advisory/fortiweb-path-traversal-vulnerability

Trust: 2.0

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5092

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5092

Trust: 0.8

url: http://www.fortinet.com/

Trust: 0.3

sources: VULHUB: VHN-93911 // BID: 91771 // JVNDB: JVNDB-2016-003761 // CNNVD: CNNVD-201606-584 // NVD: CVE-2016-5092

CREDITS

Ewoud Vlasselaer from Dimension Data Belgium

Trust: 0.9

sources: BID: 91771 // CNNVD: CNNVD-201606-584

SOURCES

db: VULHUB, id: VHN-93911
db: BID, id: 91771
db: JVNDB, id: JVNDB-2016-003761
db: CNNVD, id: CNNVD-201606-584
db: NVD, id: CVE-2016-5092

LAST UPDATE DATE

2024-08-14T13:57:12.847000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-93911, date: 2016-07-14T00:00:00
db: BID, id: 91771, date: 2016-05-26T00:00:00
db: JVNDB, id: JVNDB-2016-003761, date: 2016-07-20T00:00:00
db: CNNVD, id: CNNVD-201606-584, date: 2016-07-14T00:00:00
db: NVD, id: CVE-2016-5092, date: 2016-07-14T15:17:42.967

SOURCES RELEASE DATE

db: VULHUB, id: VHN-93911, date: 2016-07-13T00:00:00
db: BID, id: 91771, date: 2016-05-26T00:00:00
db: JVNDB, id: JVNDB-2016-003761, date: 2016-07-20T00:00:00
db: CNNVD, id: CNNVD-201606-584, date: 2016-05-26T00:00:00
db: NVD, id: CVE-2016-5092, date: 2016-07-13T15:59:06.857