ID

VAR-201608-0287


CVE

CVE-2016-3196


TITLE

Fortinet FortiAnalyzer and FortiManager Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-004160

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.0.x before 5.0.12 and 5.2.x before 5.2.6, and in FortiManager 5.0.x before 5.0.12 and 5.2.x before 5.2.6, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section. The filename is stored with the upload and later rendered into the web GUI without output encoding, which is why the vendor advisory classifies the issue as a persistent (stored) XSS: an attacker who holds an account able to upload report images plants the payload once, and it executes in the browser of any administrator who subsequently views the affected page, in that administrator's session (reflected in the CVSS v3 user-interaction and changed-scope metrics recorded below). BID 92203 describes the issue as a security bypass: attackers can exploit it to bypass certain security restrictions and perform unauthorized actions, which may aid in further attacks. FortiAnalyzer is Fortinet's centralized network security reporting product and FortiManager its centralized network security management product. CNNVD summarizes the affected range as FortiAnalyzer 5.x and FortiManager 5.x prior to 5.2.6; the fixed releases are 5.0.12 for the 5.0 branch and 5.2.6 for the 5.2 branch.

Trust: 1.98

sources: NVD: CVE-2016-3196 // JVNDB: JVNDB-2016-004160 // BID: 92203 // VULHUB: VHN-92015
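The bug class above, a user-controlled filename echoed into a page that other administrators later view, modelled in Python as an added illustration. This is not Fortinet code and does not reproduce the FortiAnalyzer/FortiManager GUI; the gallery HTML, the function names, the sample filenames and the upload allowlist are all constructed for this example. It places the vulnerable rendering beside the hardened one (entity-encoding at output time, plus an upload-time allowlist as defence in depth) and shows that the same payload which survives the first is neutralised by the second.

```python
"""Stored XSS via an uploaded image's filename: vulnerable vs. hardened rendering.

Added example, not vendor code.  A toy "report image gallery" interpolates a
stored filename into HTML, first unsafely, then with context-appropriate
encoding and an upload-time allowlist.
"""
import html
import os
import re

# Constructed upload names: one benign, one that breaks out of the attribute.
BENIGN_NAME = "quarterly-logo.png"
PAYLOAD_NAME = '"><svg onload=alert(document.cookie)>.png'


def render_gallery_vulnerable(filenames):
    """Interpolates stored filenames straight into attributes and text.

    This is the persistent-XSS pattern: the payload is stored once and runs
    every time an administrator opens the page.
    """
    rows = [
        f'<li><img src="/report/images/{name}" alt="{name}"> {name}</li>'
        for name in filenames
    ]
    return "<ul>" + "".join(rows) + "</ul>"


def render_gallery_safe(filenames):
    """Same markup, but every interpolation is entity-encoded.

    html.escape(quote=True) rewrites <, >, &, " and ', so the value can
    neither close the attribute nor open a new tag.  Output encoding is the
    actual fix; the allowlist below only narrows what reaches storage.
    """
    rows = []
    for name in filenames:
        enc = html.escape(name, quote=True)
        rows.append(f'<li><img src="/report/images/{enc}" alt="{enc}"> {enc}</li>')
    return "<ul>" + "".join(rows) + "</ul>"


# Upload-time allowlist (an assumption for this example, not vendor policy):
# one path component, a conservative character set, an image extension.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}\.(png|jpe?g|gif)$", re.IGNORECASE)


def accept_upload_name(name):
    """Return True only for names that fit the allowlist; reject, don't 'clean'.

    Comparing against basename() rejects traversal attempts; the regex then
    rejects quotes, angle brackets, spaces and anything else HTML-significant.
    """
    if name != os.path.basename(name):
        return False
    return _SAFE_NAME.match(name) is not None


def contains_live_markup(rendered, tag="<svg"):
    """Does an injected tag survive unencoded in the rendered page?"""
    return tag in rendered


if __name__ == "__main__":
    names = [BENIGN_NAME, PAYLOAD_NAME]
    print("vulnerable page carries live <svg onload>:", contains_live_markup(render_gallery_vulnerable(names)))
    print("hardened page carries live <svg onload>:  ", contains_live_markup(render_gallery_safe(names)))
    for n in (BENIGN_NAME, PAYLOAD_NAME, "../../etc/passwd.png"):
        print(f"accept {n!r}: {accept_upload_name(n)}")
```

Encoding belongs at every sink, not just this one: the same filename may also be written into JavaScript, a CSS url() or an HTTP header, each needing its own encoder. Rejecting odd names at upload time is worthwhile because it also shrinks the attack surface for anything downstream that consumes the filename, but it must never be the only control.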

AFFECTED PRODUCTS

vendor    model                            scope  version  Trust
fortinet  fortianalyzer                    eq     5.0.1    1.6
fortinet  fortianalyzer                    eq     5.2.5    1.6
fortinet  fortianalyzer                    eq     5.2.4    1.6
fortinet  fortianalyzer                    eq     5.0.10   1.6
fortinet  fortianalyzer                    eq     5.2.0    1.6
fortinet  fortianalyzer                    eq     5.0.4    1.6
fortinet  fortianalyzer                    eq     5.2.1    1.6
fortinet  fortianalyzer                    eq     5.0.5    1.6
fortinet  fortianalyzer                    eq     5.2.3    1.6
fortinet  fortianalyzer                    eq     5.0.0    1.6
fortinet  fortimanager                     eq     5.0.8    1.0
fortinet  fortimanager                     eq     5.0.3    1.0
fortinet  fortimanager                     eq     5.0.10   1.0
fortinet  fortimanager                     eq     5.0.7    1.0
fortinet  fortimanager                     eq     5.0.5    1.0
fortinet  fortimanager                     eq     5.0.9    1.0
fortinet  fortimanager                     eq     5.0.6    1.0
fortinet  fortimanager                     eq     5.2.3    1.0
fortinet  fortimanager                     eq     5.2.2    1.0
fortinet  fortianalyzer                    eq     5.2.2    1.0
fortinet  fortimanager                     eq     5.2.0    1.0
fortinet  fortimanager                     eq     5.0.4    1.0
fortinet  fortimanager                     eq     5.2.1    1.0
fortinet  fortimanager                     eq     5.2.4    1.0
fortinet  fortimanager                     eq     5.2.5    1.0
fortinet  fortianalyzer                    eq     5.2.6    0.8
fortinet  fortimanager                     eq     5.2.6    0.8
fortinet  fortianalyzer                    lt     5.x      0.8
fortinet  fortimanager                     lt     5.x      0.8
fortinet  fortimom-vm                      eq     0        0.3
fortinet  fortimanager virtual appliances  eq     0        0.3
fortinet  fortimanager 400c                -      -        0.3
fortinet  fortimanager 400b                -      -        0.3
fortinet  fortimanager 400a                -      -        0.3
fortinet  fortimanager 4000e               -      -        0.3
fortinet  fortimanager 4000d               -      -        0.3
fortinet  fortimanager 3900e               -      -        0.3
fortinet  fortimanager 300d                -      -        0.3
fortinet  fortimanager 3000c               -      -        0.3
fortinet  fortimanager 200d                -      -        0.3
fortinet  fortimanager 1000d               -      -        0.3
fortinet  fortimanager 1000c               -      -        0.3
fortinet  fortimanager                     eq     100      0.3
fortinet  fortianalyzer vm gb500           eq     0        0.3
fortinet  fortianalyzer vm gb5             eq     0        0.3
fortinet  fortianalyzer vm gb25            eq     0        0.3
fortinet  fortianalyzer vm gb2000          eq     0        0.3
fortinet  fortianalyzer vm gb100           eq     0        0.3
fortinet  fortianalyzer vm gb1             eq     0        0.3
fortinet  fortianalyzer vm base            eq     0        0.3
fortinet  fortianalyzer 3900e              -      -        0.3
fortinet  fortianalyzer 3500e              -      -        0.3
fortinet  fortianalyzer 300d               -      -        0.3
fortinet  fortianalyzer 3000e              -      -        0.3
fortinet  fortianalyzer 200d               -      -        0.3
fortinet  fortianalyzer 2000b              -      -        0.3
fortinet  fortianalyzer 1000d              -      -        0.3

sources: BID: 92203 // JVNDB: JVNDB-2016-004160 // CNNVD: CNNVD-201608-095 // NVD: CVE-2016-3196

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-3196
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-3196
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201608-095
value: LOW

Trust: 0.6

VULHUB: VHN-92015
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-3196
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-92015
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-3196
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-92015 // JVNDB: JVNDB-2016-004160 // CNNVD: CNNVD-201608-095 // NVD: CVE-2016-3196

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-92015 // JVNDB: JVNDB-2016-004160 // NVD: CVE-2016-3196

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-095

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201608-095

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004160

PATCH

title: FortiManager and FortiAnalyzer Persistent XSS vulnerability
url: http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability

Trust: 0.8

title: Fortinet FortiAnalyzer and FortiManager fixes for cross-site scripting vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63487

Trust: 0.6

sources: JVNDB: JVNDB-2016-004160 // CNNVD: CNNVD-201608-095

EXTERNAL IDS

db: NVD       id: CVE-2016-3196

Trust: 2.5

db: BID       id: 92203

Trust: 1.4

db: SECTRACK  id: 1036550

Trust: 1.1

db: SECTRACK  id: 1036551

Trust: 1.1

db: JVNDB     id: JVNDB-2016-004160

Trust: 0.8

db: CNNVD     id: CNNVD-201608-095

Trust: 0.6

db: VULHUB    id: VHN-92015

Trust: 0.1

sources: VULHUB: VHN-92015 // BID: 92203 // JVNDB: JVNDB-2016-004160 // CNNVD: CNNVD-201608-095 // NVD: CVE-2016-3196

REFERENCES

url:http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability

Trust: 1.7

url:http://seclists.org/fulldisclosure/2016/aug/4

Trust: 1.4

url:http://www.securityfocus.com/bid/92203

Trust: 1.1

url:http://www.securityfocus.com/archive/1/539069/100/0/threaded

Trust: 1.1

url:http://www.vulnerability-lab.com/get_content.php?id=1687

Trust: 1.1

url:http://www.securitytracker.com/id/1036550

Trust: 1.1

url:http://www.securitytracker.com/id/1036551

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3196

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3196

Trust: 0.8

url:http://www.fortinet.com/

Trust: 0.3

sources: VULHUB: VHN-92015 // BID: 92203 // JVNDB: JVNDB-2016-004160 // CNNVD: CNNVD-201608-095 // NVD: CVE-2016-3196

CREDITS

Marco Onorati

Trust: 0.3

sources: BID: 92203

SOURCES

db: VULHUB  id: VHN-92015
db: BID     id: 92203
db: JVNDB   id: JVNDB-2016-004160
db: CNNVD   id: CNNVD-201608-095
db: NVD     id: CVE-2016-3196

LAST UPDATE DATE

2024-08-14T14:57:52.786000+00:00


SOURCES UPDATE DATE

db: VULHUB  id: VHN-92015          date: 2018-10-09T00:00:00
db: BID     id: 92203              date: 2016-08-01T00:00:00
db: JVNDB   id: JVNDB-2016-004160  date: 2016-08-09T00:00:00
db: CNNVD   id: CNNVD-201608-095   date: 2016-08-09T00:00:00
db: NVD     id: CVE-2016-3196      date: 2018-10-09T19:59:48.130

SOURCES RELEASE DATE

db: VULHUB  id: VHN-92015          date: 2016-08-05T00:00:00
db: BID     id: 92203              date: 2016-08-01T00:00:00
db: JVNDB   id: JVNDB-2016-004160  date: 2016-08-09T00:00:00
db: CNNVD   id: CNNVD-201608-095   date: 2016-08-09T00:00:00
db: NVD     id: CVE-2016-3196      date: 2016-08-05T14:59:06.547