ID

VAR-201708-1511


CVE

CVE-2017-7737


TITLE

Fortinet FortiWeb vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-007035

DESCRIPTION

An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows a logged-in admin user to view the SNMPv3 user password in cleartext in the webui via the HTML source code. Fortinet FortiWeb contains an information disclosure vulnerability. Information may be obtained. Fortinet FortiWeb is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Fortinet FortiWeb 5.8.2 and prior versions are vulnerable. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content.

Trust: 1.98

sources: NVD: CVE-2017-7737 // JVNDB: JVNDB-2017-007035 // BID: 100205 // VULHUB: VHN-115940

AFFECTED PRODUCTS

vendor: fortinet, model: fortiweb, scope: lte, version: 5.8.2

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 5.8.2

Trust: 0.9

vendor: fortinet, model: fortiweb, scope: -, version: -

Trust: 0.8

vendor: fortinet, model: fortiweb, scope: eq, version: 5.8.1

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: eq, version: 5.8

Trust: 0.3

vendor: fortinet, model: fortiweb, scope: ne, version: 5.8.3

Trust: 0.3

sources: BID: 100205 // JVNDB: JVNDB-2017-007035 // CNNVD: CNNVD-201708-467 // NVD: CVE-2017-7737

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-7737
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-7737
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201708-467
value: MEDIUM

Trust: 0.6

VULHUB: VHN-115940
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-7737
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-115940
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-7737
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115940 // JVNDB: JVNDB-2017-007035 // CNNVD: CNNVD-201708-467 // NVD: CVE-2017-7737

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-552

Trust: 1.1

sources: VULHUB: VHN-115940 // JVNDB: JVNDB-2017-007035 // NVD: CVE-2017-7737

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-467

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201708-467

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007035

PATCH

title: FG-IR-17-162
url: http://fortiguard.com/psirt/FG-IR-17-162

Trust: 0.8

title: Fortinet FortiWeb Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72514

Trust: 0.6

sources: JVNDB: JVNDB-2017-007035 // CNNVD: CNNVD-201708-467

EXTERNAL IDS

db: NVD, id: CVE-2017-7737

Trust: 2.8

db: BID, id: 100205

Trust: 2.0

db: JVNDB, id: JVNDB-2017-007035

Trust: 0.8

db: CNNVD, id: CNNVD-201708-467

Trust: 0.7

db: VULHUB, id: VHN-115940

Trust: 0.1

sources: VULHUB: VHN-115940 // BID: 100205 // JVNDB: JVNDB-2017-007035 // CNNVD: CNNVD-201708-467 // NVD: CVE-2017-7737

REFERENCES

url:http://www.securityfocus.com/bid/100205

Trust: 1.7

url:https://fortiguard.com/advisory/fg-ir-17-162

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7737

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-7737

Trust: 0.8

url:http://www.fortinet.com/products/fortiweb/

Trust: 0.3

url:http://fortiguard.com/psirt/fg-ir-17-162

Trust: 0.3

sources: VULHUB: VHN-115940 // BID: 100205 // JVNDB: JVNDB-2017-007035 // CNNVD: CNNVD-201708-467 // NVD: CVE-2017-7737

CREDITS

Florian NIVETTE from Sysdream.

Trust: 0.3

sources: BID: 100205

SOURCES

db: VULHUB, id: VHN-115940
db: BID, id: 100205
db: JVNDB, id: JVNDB-2017-007035
db: CNNVD, id: CNNVD-201708-467
db: NVD, id: CVE-2017-7737

LAST UPDATE DATE

2024-08-14T14:39:42.191000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-115940, date: 2019-10-03T00:00:00
db: BID, id: 100205, date: 2017-08-08T00:00:00
db: JVNDB, id: JVNDB-2017-007035, date: 2017-09-11T00:00:00
db: CNNVD, id: CNNVD-201708-467, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-7737, date: 2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db: VULHUB, id: VHN-115940, date: 2017-08-10T00:00:00
db: BID, id: 100205, date: 2017-08-08T00:00:00
db: JVNDB, id: JVNDB-2017-007035, date: 2017-09-11T00:00:00
db: CNNVD, id: CNNVD-201708-467, date: 2017-08-11T00:00:00
db: NVD, id: CVE-2017-7737, date: 2017-08-10T21:29:00.233