ID

VAR-201705-3163


CVE

CVE-2017-3126


TITLE

Fortinet FortiAnalyzer and FortiManager Open redirect vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-004538

DESCRIPTION

An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows an attacker to execute unauthorized code or commands via the next parameter. FortiAnalyzer and FortiManager are prone to an open-redirect vulnerability. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. An open redirection vulnerability exists in Fortinet FortiAnalyzer versions 5.4.0 through 5.4.2 and FortiManager versions 5.4.0 through 5.4.2.

Trust: 1.98

sources: NVD: CVE-2017-3126 // JVNDB: JVNDB-2017-004538 // BID: 98557 // VULHUB: VHN-111329

AFFECTED PRODUCTS

vendor: fortinet, model: fortianalyzer, scope: eq, version: 5.4.0

Trust: 1.6

vendor: fortinet, model: fortimanager, scope: eq, version: 5.4.1

Trust: 1.6

vendor: fortinet, model: fortianalyzer, scope: eq, version: 5.4.2

Trust: 1.6

vendor: fortinet, model: fortimanager, scope: eq, version: 5.4.2

Trust: 1.6

vendor: fortinet, model: fortimanager, scope: eq, version: 5.4.0

Trust: 1.6

vendor: fortinet, model: fortianalyzer, scope: eq, version: 5.4.1

Trust: 1.6

vendor: fortinet, model: fortianalyzer, scope: eq, version: 5.4.0 to 5.4.2

Trust: 0.8

vendor: fortinet, model: fortimanager, scope: eq, version: 5.4.0 to 5.4.2

Trust: 0.8

vendor: fortinet, model: fortimanager, scope: eq, version: 0

Trust: 0.3

vendor: fortinet, model: fortianalyzer, scope: eq, version: 0

Trust: 0.3

sources: BID: 98557 // JVNDB: JVNDB-2017-004538 // CNNVD: CNNVD-201705-1287 // NVD: CVE-2017-3126

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-3126
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3126
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201705-1287
value: MEDIUM

Trust: 0.6

VULHUB: VHN-111329
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-3126
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-111329
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-3126
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-111329 // JVNDB: JVNDB-2017-004538 // CNNVD: CNNVD-201705-1287 // NVD: CVE-2017-3126

PROBLEMTYPE DATA

problemtype: CWE-601

Trust: 1.9

sources: VULHUB: VHN-111329 // JVNDB: JVNDB-2017-004538 // NVD: CVE-2017-3126

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1287

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201705-1287

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004538

PATCH

title: FG-IR-17-014, url: https://fortiguard.com/psirt/FG-IR-17-014

Trust: 0.8

title: Fortinet FortiManager Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70601

Trust: 0.6

sources: JVNDB: JVNDB-2017-004538 // CNNVD: CNNVD-201705-1287

EXTERNAL IDS

db: NVD, id: CVE-2017-3126

Trust: 2.8

db: SECTRACK, id: 1038540

Trust: 1.7

db: BID, id: 98557

Trust: 1.4

db: SECTRACK, id: 1038539

Trust: 1.1

db: JVNDB, id: JVNDB-2017-004538

Trust: 0.8

db: CNNVD, id: CNNVD-201705-1287

Trust: 0.7

db: VULHUB, id: VHN-111329

Trust: 0.1

sources: VULHUB: VHN-111329 // BID: 98557 // JVNDB: JVNDB-2017-004538 // CNNVD: CNNVD-201705-1287 // NVD: CVE-2017-3126

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-17-014

Trust: 2.0

url: http://www.securityfocus.com/bid/98557

Trust: 1.1

url: http://www.securitytracker.com/id/1038539

Trust: 1.1

url: http://www.securitytracker.com/id/1038540

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3126

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-3126

Trust: 0.8

url: http://securitytracker.com/id/1038540

Trust: 0.6

url: http://www.fortinet.com/

Trust: 0.3

sources: VULHUB: VHN-111329 // BID: 98557 // JVNDB: JVNDB-2017-004538 // CNNVD: CNNVD-201705-1287 // NVD: CVE-2017-3126

CREDITS

Ronan Dunne of Biocompatibles UK Ltd

Trust: 0.3

sources: BID: 98557

SOURCES

db: VULHUB, id: VHN-111329
db: BID, id: 98557
db: JVNDB, id: JVNDB-2017-004538
db: CNNVD, id: CNNVD-201705-1287
db: NVD, id: CVE-2017-3126

LAST UPDATE DATE

2024-08-14T13:46:49.773000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-111329, date: 2017-07-08T00:00:00
db: BID, id: 98557, date: 2017-02-09T00:00:00
db: JVNDB, id: JVNDB-2017-004538, date: 2017-06-28T00:00:00
db: CNNVD, id: CNNVD-201705-1287, date: 2017-05-26T00:00:00
db: NVD, id: CVE-2017-3126, date: 2017-07-08T01:29:11.803

SOURCES RELEASE DATE

db: VULHUB, id: VHN-111329, date: 2017-05-27T00:00:00
db: BID, id: 98557, date: 2017-02-09T00:00:00
db: JVNDB, id: JVNDB-2017-004538, date: 2017-06-28T00:00:00
db: CNNVD, id: CNNVD-201705-1287, date: 2017-05-26T00:00:00
db: NVD, id: CVE-2017-3126, date: 2017-05-27T00:29:00.973