Sign-up

ID

VAR-201708-1511


CVE

CVE-2017-7737


TITLE

Fortinet FortiWeb Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-007035

DESCRIPTION

An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code. Fortinet FortiWeb Contains an information disclosure vulnerability.Information may be obtained. Fortinet Fortiweb is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Fortinet Fortiweb 5.8.2 and prior versions are vulnerable. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content

Trust: 1.98

sources: NVD: CVE-2017-7737 // JVNDB: JVNDB-2017-007035 // BID: 100205 // VULHUB: VHN-115940

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiwebscope:lteversion:5.8.2

Trust: 1.0

vendor:fortinetmodel:fortiwebscope:eqversion:5.8.2

Trust: 0.9

vendor:fortinetmodel:fortiwebscope: - version: -

Trust: 0.8

vendor:fortinetmodel:fortiwebscope:eqversion:5.8.1

Trust: 0.3

vendor:fortinetmodel:fortiwebscope:eqversion:5.8

Trust: 0.3

vendor:fortinetmodel:fortiwebscope:neversion:5.8.3

Trust: 0.3

sources: BID: 100205 // JVNDB: JVNDB-2017-007035 // CNNVD: CNNVD-201708-467 // NVD: CVE-2017-7737

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7737
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-7737
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201708-467
value: MEDIUM

Trust: 0.6

VULHUB: VHN-115940
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-7737
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-115940
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7737
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115940 // JVNDB: JVNDB-2017-007035 // CNNVD: CNNVD-201708-467 // NVD: CVE-2017-7737

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-552

Trust: 1.1

sources: VULHUB: VHN-115940 // JVNDB: JVNDB-2017-007035 // NVD: CVE-2017-7737

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-467

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201708-467

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-007035

PATCH
title:FG-IR-17-162url:http://fortiguard.com/psirt/FG-IR-17-162
Trust: 0.8
title:Fortinet FortiWeb Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72514
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-007035 // 
            
            
            
            CNNVD: CNNVD-201708-467

EXTERNAL IDS
db:NVDid:CVE-2017-7737
Trust: 2.8
db:BIDid:100205
Trust: 2.0
db:JVNDBid:JVNDB-2017-007035
Trust: 0.8
db:CNNVDid:CNNVD-201708-467
Trust: 0.7
db:VULHUBid:VHN-115940
Trust: 0.1
sources:
            
            
            VULHUB: VHN-115940 // 
            
            
            
            BID: 100205 // 
            
            
            
            JVNDB: JVNDB-2017-007035 // 
            
            
            
            CNNVD: CNNVD-201708-467 // 
            
            
            
            NVD: CVE-2017-7737

REFERENCES
url:http://www.securityfocus.com/bid/100205
Trust: 1.7
url:https://fortiguard.com/advisory/fg-ir-17-162
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7737
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-7737
Trust: 0.8
url:http://www.fortinet.com/products/fortiweb/
Trust: 0.3
url:http://fortiguard.com/psirt/fg-ir-17-162
Trust: 0.3
sources:
            
            
            VULHUB: VHN-115940 // 
            
            
            
            BID: 100205 // 
            
            
            
            JVNDB: JVNDB-2017-007035 // 
            
            
            
            CNNVD: CNNVD-201708-467 // 
            
            
            
            NVD: CVE-2017-7737

CREDITS
Florian NIVETTE from Sysdream.
Trust: 0.3
sources:
            
            
            BID: 100205

SOURCES
db:VULHUBid:VHN-115940
db:BIDid:100205
db:JVNDBid:JVNDB-2017-007035
db:CNNVDid:CNNVD-201708-467
db:NVDid:CVE-2017-7737

LAST UPDATE DATE
2024-08-14T14:39:42.191000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-115940date:2019-10-03T00:00:00
db:BIDid:100205date:2017-08-08T00:00:00
db:JVNDBid:JVNDB-2017-007035date:2017-09-11T00:00:00
db:CNNVDid:CNNVD-201708-467date:2019-10-23T00:00:00
db:NVDid:CVE-2017-7737date:2019-10-03T00:03:26.223

SOURCES RELEASE DATE
db:VULHUBid:VHN-115940date:2017-08-10T00:00:00
db:BIDid:100205date:2017-08-08T00:00:00
db:JVNDBid:JVNDB-2017-007035date:2017-09-11T00:00:00
db:CNNVDid:CNNVD-201708-467date:2017-08-11T00:00:00
db:NVDid:CVE-2017-7737date:2017-08-10T21:29:00.233