Details of VAR-201711-0048

ID

VAR-201711-0048

CVE

CVE-2017-14186

TITLE

Fortinet FortiOS Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2017-011129

DESCRIPTION

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. An URL Redirection attack may also be feasible by injecting an external URL via the affected parameter. Fortinet FortiOS Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiOS is prone to a URI-redirection vulnerability and a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible. Fortinet FortiOS 5.0 and prior, 5.2.0 through 5.2.12, 5.4.0 through 5.4.6 and 5.6.0 through 5.6.2 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. SSL-VPN portal is one of the VPN management interfaces. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. The following products and versions are affected: Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.6, 5.2.0 to 5.2.12, 5.0 and earlier

Trust: 2.07

sources: NVD: CVE-2017-14186 // JVNDB: JVNDB-2017-011129 // BID: 101955 // VULHUB: VHN-104883 // VULMON: CVE-2017-14186

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	lte	version:	5.0	Trust: 1.8
vendor:	fortinet	model:	fortios	scope:	lte	version:	5.6.2	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lte	version:	5.2.12	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	5.4.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	5.6.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gt	version:	5.2.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lte	version:	5.4.6	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.3	Trust: 0.9
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.8	Trust: 0.9
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.6	Trust: 0.9
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.5	Trust: 0.9
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.4	Trust: 0.9
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.3	Trust: 0.9
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.2	Trust: 0.9
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.0	Trust: 0.9
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.9	Trust: 0.9
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.0 to 5.2.12	Trust: 0.8
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.0 to 5.4.6	Trust: 0.8
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.0 to 5.6.2	Trust: 0.8
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.7	Trust: 0.6
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.6	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.5	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.4	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.12	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.11	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.10	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0	Trust: 0.3

sources: BID: 101955 // JVNDB: JVNDB-2017-011129 // CNNVD: CNNVD-201709-357 // NVD: CVE-2017-14186

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-14186
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-14186
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201709-357
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-104883
value:	LOW
Trust: 0.1
VULMON:	CVE-2017-14186
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-14186
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-104883
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-14186
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-104883 // VULMON: CVE-2017-14186 // JVNDB: JVNDB-2017-011129 // CNNVD: CNNVD-201709-357 // NVD: CVE-2017-14186

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-104883 // JVNDB: JVNDB-2017-011129 // NVD: CVE-2017-14186

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-357

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201709-357

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011129

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-104883

PATCH

title:	FG-IR-17-242	url:	https://fortiguard.com/psirt/FG-IR-17-242	Trust: 0.8
title:	Fortinet FortiOS SSL-VPN Fixes for portal cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92981	Trust: 0.6
title:	Kenzer Templates [5170] [DEPRECATED]	url:	https://github.com/ARPSyndicate/kenzer-templates	Trust: 0.1

sources: VULMON: CVE-2017-14186 // JVNDB: JVNDB-2017-011129 // CNNVD: CNNVD-201709-357

EXTERNAL IDS

db:	NVD	id:	CVE-2017-14186	Trust: 2.9
db:	BID	id:	101955	Trust: 2.1
db:	SECTRACK	id:	1039891	Trust: 1.8
db:	JVNDB	id:	JVNDB-2017-011129	Trust: 0.8
db:	CNNVD	id:	CNNVD-201709-357	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1891.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1891	Trust: 0.6
db:	PACKETSTORM	id:	145196	Trust: 0.2
db:	VULHUB	id:	VHN-104883	Trust: 0.1
db:	VULMON	id:	CVE-2017-14186	Trust: 0.1

sources: VULHUB: VHN-104883 // VULMON: CVE-2017-14186 // BID: 101955 // JVNDB: JVNDB-2017-011129 // CNNVD: CNNVD-201709-357 // NVD: CVE-2017-14186

REFERENCES

url:	http://www.securityfocus.com/bid/101955	Trust: 1.8
url:	https://fortiguard.com/advisory/fg-ir-17-242	Trust: 1.8
url:	http://www.securitytracker.com/id/1039891	Trust: 1.8
url:	https://fortiguard.com/psirt/fg-ir-17-242	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14186	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-14186	Trust: 0.8
url:	https://fortiguard.com/psirt/fg-ir-18-389	Trust: 0.6
url:	https://fortiguard.com/psirt/fg-ir-18-384	Trust: 0.6
url:	https://fortiguard.com/psirt/fg-ir-19-034	Trust: 0.6
url:	https://fortiguard.com/psirt/fg-ir-18-383	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1891/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1891.2/	Trust: 0.6
url:	https://www.fortinet.com/products/fortigate/fortios.html	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://packetstormsecurity.com/files/145196/fortigate-ssl-vpn-portal-5.x-cross-site-scripting.html	Trust: 0.1
url:	https://github.com/arpsyndicate/kenzer-templates	Trust: 0.1

sources: VULHUB: VHN-104883 // VULMON: CVE-2017-14186 // BID: 101955 // JVNDB: JVNDB-2017-011129 // CNNVD: CNNVD-201709-357 // NVD: CVE-2017-14186

CREDITS

Stefan Viehbck from SEC Consult Vulnerability Lab

Trust: 0.3

sources: BID: 101955

SOURCES

db:	VULHUB	id:	VHN-104883
db:	VULMON	id:	CVE-2017-14186
db:	BID	id:	101955
db:	JVNDB	id:	JVNDB-2017-011129
db:	CNNVD	id:	CNNVD-201709-357
db:	NVD	id:	CVE-2017-14186

LAST UPDATE DATE

2024-08-14T14:39:36.473000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-104883	date:	2019-05-29T00:00:00
db:	VULMON	id:	CVE-2017-14186	date:	2019-05-29T00:00:00
db:	BID	id:	101955	date:	2017-12-19T22:37:00
db:	JVNDB	id:	JVNDB-2017-011129	date:	2018-01-09T00:00:00
db:	CNNVD	id:	CNNVD-201709-357	date:	2019-06-06T00:00:00
db:	NVD	id:	CVE-2017-14186	date:	2019-05-29T18:29:00.287

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-104883	date:	2017-11-29T00:00:00
db:	VULMON	id:	CVE-2017-14186	date:	2017-11-29T00:00:00
db:	BID	id:	101955	date:	2017-11-23T00:00:00
db:	JVNDB	id:	JVNDB-2017-011129	date:	2018-01-09T00:00:00
db:	CNNVD	id:	CNNVD-201709-357	date:	2017-09-12T00:00:00
db:	NVD	id:	CVE-2017-14186	date:	2017-11-29T19:29:00.273