ID

VAR-201705-4144


CVE

CVE-2017-7731


TITLE

Fortinet FortiPortal vulnerability in password management

Trust: 0.8

sources: JVNDB: JVNDB-2017-004228

DESCRIPTION

A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the Forgotten Password feature. Fortinet FortiPortal contains a vulnerability related to the password management function. Information may be obtained. FortiPortal is prone to multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restrictions and perform unauthorized actions, redirect users to an attacker-controlled site, or obtain sensitive information. Versions prior to FortiPortal 4.0.1 are vulnerable. Fortinet FortiPortal is a product developed by Fortinet to help Managed Security Service Providers (MSSPs) operate cloud-based security management and log retention services.

Trust: 1.98

sources: NVD: CVE-2017-7731 // JVNDB: JVNDB-2017-004228 // BID: 98484 // VULHUB: VHN-115934

AFFECTED PRODUCTS

vendor: fortinet // model: fortiportal // scope: lte // version: 4.0.0

Trust: 1.8

vendor: fortinet // model: fortiportal // scope: eq // version: 4.0.0

Trust: 0.6

vendor: fortinet // model: fortiportal // scope: eq // version: 4.0

Trust: 0.3

vendor: fortinet // model: fortiportal // scope: ne // version: 4.0.1

Trust: 0.3

sources: BID: 98484 // JVNDB: JVNDB-2017-004228 // CNNVD: CNNVD-201705-1322 // NVD: CVE-2017-7731

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7731
value: HIGH

Trust: 1.0

NVD: CVE-2017-7731
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201705-1322
value: MEDIUM

Trust: 0.6

VULHUB: VHN-115934
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-7731
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-115934
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7731
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115934 // JVNDB: JVNDB-2017-004228 // CNNVD: CNNVD-201705-1322 // NVD: CVE-2017-7731

PROBLEMTYPE DATA

problemtype:CWE-640

Trust: 1.9

sources: VULHUB: VHN-115934 // JVNDB: JVNDB-2017-004228 // NVD: CVE-2017-7731

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1322

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201705-1322

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004228

PATCH

title: FortiPortal Multiple Vulnerabilities // url: https://fortiguard.com/psirt/FG-IR-17-114

Trust: 0.8

title: Fortinet FortiPortal Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70616

Trust: 0.6

sources: JVNDB: JVNDB-2017-004228 // CNNVD: CNNVD-201705-1322

EXTERNAL IDS

db: NVD // id: CVE-2017-7731

Trust: 2.8

db: JVNDB // id: JVNDB-2017-004228

Trust: 0.8

db: CNNVD // id: CNNVD-201705-1322

Trust: 0.7

db: BID // id: 98484

Trust: 0.3

db: VULHUB // id: VHN-115934

Trust: 0.1

sources: VULHUB: VHN-115934 // BID: 98484 // JVNDB: JVNDB-2017-004228 // CNNVD: CNNVD-201705-1322 // NVD: CVE-2017-7731

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-17-114

Trust: 2.0

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7731

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-7731

Trust: 0.8

url: http://www.fortinet.com/

Trust: 0.3

sources: VULHUB: VHN-115934 // BID: 98484 // JVNDB: JVNDB-2017-004228 // CNNVD: CNNVD-201705-1322 // NVD: CVE-2017-7731

CREDITS

David Tredger, Senior Security Consultant, Aura Information Security

Trust: 0.3

sources: BID: 98484

SOURCES

db: VULHUB // id: VHN-115934
db: BID // id: 98484
db: JVNDB // id: JVNDB-2017-004228
db: CNNVD // id: CNNVD-201705-1322
db: NVD // id: CVE-2017-7731

LAST UPDATE DATE

2024-08-14T13:45:13.120000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-115934 // date: 2017-05-31T00:00:00
db: BID // id: 98484 // date: 2017-05-15T00:00:00
db: JVNDB // id: JVNDB-2017-004228 // date: 2017-06-20T00:00:00
db: CNNVD // id: CNNVD-201705-1322 // date: 2017-05-27T00:00:00
db: NVD // id: CVE-2017-7731 // date: 2017-05-31T13:59:24.170

SOURCES RELEASE DATE

db: VULHUB // id: VHN-115934 // date: 2017-05-27T00:00:00
db: BID // id: 98484 // date: 2017-05-15T00:00:00
db: JVNDB // id: JVNDB-2017-004228 // date: 2017-06-20T00:00:00
db: CNNVD // id: CNNVD-201705-1322 // date: 2017-05-27T00:00:00
db: NVD // id: CVE-2017-7731 // date: 2017-05-27T00:29:01.270