ID

VAR-201708-0339


CVE

CVE-2015-3614


TITLE

Fortinet FortiManager vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2015-007727

DESCRIPTION

Fortinet FortiManager 5.0.x before 5.0.11 and 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability. Fortinet FortiManager contains an information disclosure vulnerability. Information may be obtained. FortiManager is prone to the following security vulnerabilities:

1. A remote privilege-escalation vulnerability
2. An HTML-injection vulnerability
3. An SQL-injection vulnerability
4. A local privilege-escalation vulnerability
5. An arbitrary file-download vulnerability

Exploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks.

Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management.

Trust: 1.98

sources: NVD: CVE-2015-3614 // JVNDB: JVNDB-2015-007727 // BID: 74444 // VULHUB: VHN-81575

AFFECTED PRODUCTS

vendor: fortinet, model: fortimanager, scope: eq, version: 5.2.1

Trust: 1.9

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.10

Trust: 1.9

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.9

Trust: 1.9

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.8

Trust: 1.9

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.7

Trust: 1.9

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.6

Trust: 1.9

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.5

Trust: 1.9

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.4

Trust: 1.9

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.3

Trust: 1.9

vendor: fortinet, model: fortimanager, scope: eq, version: 5.2.0

Trust: 1.6

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.2

Trust: 1.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.1

Trust: 1.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.0

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: -, version: -

Trust: 0.8

vendor: fortinet, model: fortimanager, scope: eq, version: 5.2

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: ne, version: 5.2.2

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: ne, version: 5.0.11

Trust: 0.3

sources: BID: 74444 // JVNDB: JVNDB-2015-007727 // CNNVD: CNNVD-201708-579 // NVD: CVE-2015-3614

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3614
value: HIGH

Trust: 1.0

NVD: CVE-2015-3614
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201708-579
value: MEDIUM

Trust: 0.6

VULHUB: VHN-81575
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3614
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-81575
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-3614
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-81575 // JVNDB: JVNDB-2015-007727 // CNNVD: CNNVD-201708-579 // NVD: CVE-2015-3614

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-81575 // JVNDB: JVNDB-2015-007727 // NVD: CVE-2015-3614

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-579

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201708-579

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007727

PATCH

title: FG-IR-15-011, url: https://fortiguard.com/psirt/FG-IR-15-011

Trust: 0.8

title: Fortinet FortiManager Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=73991

Trust: 0.6

sources: JVNDB: JVNDB-2015-007727 // CNNVD: CNNVD-201708-579

EXTERNAL IDS

db: NVD, id: CVE-2015-3614

Trust: 2.8

db: SECTRACK, id: 1032188

Trust: 1.7

db: BID, id: 74444

Trust: 1.4

db: JVNDB, id: JVNDB-2015-007727

Trust: 0.8

db: CNNVD, id: CNNVD-201708-579

Trust: 0.7

db: NSFOCUS, id: 37414

Trust: 0.6

db: VULHUB, id: VHN-81575

Trust: 0.1

sources: VULHUB: VHN-81575 // BID: 74444 // JVNDB: JVNDB-2015-007727 // CNNVD: CNNVD-201708-579 // NVD: CVE-2015-3614

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-15-011

Trust: 2.0

url:http://www.securitytracker.com/id/1032188

Trust: 1.7

url:http://www.securityfocus.com/bid/74444

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3614

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-3614

Trust: 0.8

url:http://www.nsfocus.net/vulndb/37414

Trust: 0.6

url:http://www.fortinet.com/products/fortimanager/

Trust: 0.3

url:http://www.fortiguard.com/advisory/fg-ir-15-011/

Trust: 0.3

sources: VULHUB: VHN-81575 // BID: 74444 // JVNDB: JVNDB-2015-007727 // CNNVD: CNNVD-201708-579 // NVD: CVE-2015-3614

CREDITS

Maksymilian Motyl and the ITN Security Team at Orange Polska

Trust: 0.3

sources: BID: 74444

SOURCES

db: VULHUB, id: VHN-81575
db: BID, id: 74444
db: JVNDB, id: JVNDB-2015-007727
db: CNNVD, id: CNNVD-201708-579
db: NVD, id: CVE-2015-3614

LAST UPDATE DATE

2024-08-14T14:11:58.479000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-81575, date: 2017-08-26T00:00:00
db: BID, id: 74444, date: 2017-08-25T07:11:00
db: JVNDB, id: JVNDB-2015-007727, date: 2017-09-11T00:00:00
db: CNNVD, id: CNNVD-201708-579, date: 2017-08-14T00:00:00
db: NVD, id: CVE-2015-3614, date: 2017-08-26T01:29:00.270

SOURCES RELEASE DATE

db: VULHUB, id: VHN-81575, date: 2017-08-11T00:00:00
db: BID, id: 74444, date: 2015-04-16T00:00:00
db: JVNDB, id: JVNDB-2015-007727, date: 2017-09-11T00:00:00
db: CNNVD, id: CNNVD-201708-579, date: 2017-08-14T00:00:00
db: NVD, id: CVE-2015-3614, date: 2017-08-11T21:29:00.323