ID

VAR-201711-0048


CVE

CVE-2017-14186


TITLE

Fortinet FortiOS Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2017-011129

DESCRIPTION

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. An URL Redirection attack may also be feasible by injecting an external URL via the affected parameter. Fortinet FortiOS Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiOS is prone to a URI-redirection vulnerability and a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible. Fortinet FortiOS 5.0 and prior, 5.2.0 through 5.2.12, 5.4.0 through 5.4.6 and 5.6.0 through 5.6.2 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. SSL-VPN portal is one of the VPN management interfaces. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. The following products and versions are affected: Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.6, 5.2.0 to 5.2.12, 5.0 and earlier

Trust: 2.07

sources: NVD: CVE-2017-14186 // JVNDB: JVNDB-2017-011129 // BID: 101955 // VULHUB: VHN-104883 // VULMON: CVE-2017-14186

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiosscope:lteversion:5.0

Trust: 1.8

vendor:fortinetmodel:fortiosscope:lteversion:5.6.2

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:5.2.12

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:5.4.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:5.6.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gtversion:5.2.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:5.4.6

Trust: 1.0

vendor:fortinetmodel:fortiosscope:eqversion:5.4.3

Trust: 0.9

vendor:fortinetmodel:fortiosscope:eqversion:5.2.8

Trust: 0.9

vendor:fortinetmodel:fortiosscope:eqversion:5.2.6

Trust: 0.9

vendor:fortinetmodel:fortiosscope:eqversion:5.2.5

Trust: 0.9

vendor:fortinetmodel:fortiosscope:eqversion:5.2.4

Trust: 0.9

vendor:fortinetmodel:fortiosscope:eqversion:5.2.3

Trust: 0.9

vendor:fortinetmodel:fortiosscope:eqversion:5.2.2

Trust: 0.9

vendor:fortinetmodel:fortiosscope:eqversion:5.4.0

Trust: 0.9

vendor:fortinetmodel:fortiosscope:eqversion:5.2.9

Trust: 0.9

vendor:fortinetmodel:fortiosscope:eqversion:5.2.0 to 5.2.12

Trust: 0.8

vendor:fortinetmodel:fortiosscope:eqversion:5.4.0 to 5.4.6

Trust: 0.8

vendor:fortinetmodel:fortiosscope:eqversion:5.6.0 to 5.6.2

Trust: 0.8

vendor:fortinetmodel:fortiosscope:eqversion:5.2.7

Trust: 0.6

vendor:fortinetmodel:fortiosscope:eqversion:5.6.2

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.4.6

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.4.5

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.4.4

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.4.2

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.4.1

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.12

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.11

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.1

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.1

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.10

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.0

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0

Trust: 0.3

sources: BID: 101955 // JVNDB: JVNDB-2017-011129 // CNNVD: CNNVD-201709-357 // NVD: CVE-2017-14186

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14186
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-14186
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201709-357
value: MEDIUM

Trust: 0.6

VULHUB: VHN-104883
value: LOW

Trust: 0.1

VULMON: CVE-2017-14186
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-14186
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-104883
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14186
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104883 // VULMON: CVE-2017-14186 // JVNDB: JVNDB-2017-011129 // CNNVD: CNNVD-201709-357 // NVD: CVE-2017-14186

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-104883 // JVNDB: JVNDB-2017-011129 // NVD: CVE-2017-14186

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-357

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201709-357

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011129

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-104883

PATCH

title:FG-IR-17-242url:https://fortiguard.com/psirt/FG-IR-17-242

Trust: 0.8

title:Fortinet FortiOS SSL-VPN Fixes for portal cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92981

Trust: 0.6

title:Kenzer Templates [5170] [DEPRECATED]url:https://github.com/ARPSyndicate/kenzer-templates

Trust: 0.1

sources: VULMON: CVE-2017-14186 // JVNDB: JVNDB-2017-011129 // CNNVD: CNNVD-201709-357

EXTERNAL IDS

db:NVDid:CVE-2017-14186

Trust: 2.9

db:BIDid:101955

Trust: 2.1

db:SECTRACKid:1039891

Trust: 1.8

db:JVNDBid:JVNDB-2017-011129

Trust: 0.8

db:CNNVDid:CNNVD-201709-357

Trust: 0.7

db:AUSCERTid:ESB-2019.1891.2

Trust: 0.6

db:AUSCERTid:ESB-2019.1891

Trust: 0.6

db:PACKETSTORMid:145196

Trust: 0.2

db:VULHUBid:VHN-104883

Trust: 0.1

db:VULMONid:CVE-2017-14186

Trust: 0.1

sources: VULHUB: VHN-104883 // VULMON: CVE-2017-14186 // BID: 101955 // JVNDB: JVNDB-2017-011129 // CNNVD: CNNVD-201709-357 // NVD: CVE-2017-14186

REFERENCES

url:http://www.securityfocus.com/bid/101955

Trust: 1.8

url:https://fortiguard.com/advisory/fg-ir-17-242

Trust: 1.8

url:http://www.securitytracker.com/id/1039891

Trust: 1.8

url:https://fortiguard.com/psirt/fg-ir-17-242

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14186

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-14186

Trust: 0.8

url:https://fortiguard.com/psirt/fg-ir-18-389

Trust: 0.6

url:https://fortiguard.com/psirt/fg-ir-18-384

Trust: 0.6

url:https://fortiguard.com/psirt/fg-ir-19-034

Trust: 0.6

url:https://fortiguard.com/psirt/fg-ir-18-383

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1891/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1891.2/

Trust: 0.6

url:https://www.fortinet.com/products/fortigate/fortios.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://packetstormsecurity.com/files/145196/fortigate-ssl-vpn-portal-5.x-cross-site-scripting.html

Trust: 0.1

url:https://github.com/arpsyndicate/kenzer-templates

Trust: 0.1

sources: VULHUB: VHN-104883 // VULMON: CVE-2017-14186 // BID: 101955 // JVNDB: JVNDB-2017-011129 // CNNVD: CNNVD-201709-357 // NVD: CVE-2017-14186

CREDITS

Stefan Viehbck from SEC Consult Vulnerability Lab

Trust: 0.3

sources: BID: 101955

SOURCES

db:VULHUBid:VHN-104883
db:VULMONid:CVE-2017-14186
db:BIDid:101955
db:JVNDBid:JVNDB-2017-011129
db:CNNVDid:CNNVD-201709-357
db:NVDid:CVE-2017-14186

LAST UPDATE DATE

2024-08-14T14:39:36.473000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-104883date:2019-05-29T00:00:00
db:VULMONid:CVE-2017-14186date:2019-05-29T00:00:00
db:BIDid:101955date:2017-12-19T22:37:00
db:JVNDBid:JVNDB-2017-011129date:2018-01-09T00:00:00
db:CNNVDid:CNNVD-201709-357date:2019-06-06T00:00:00
db:NVDid:CVE-2017-14186date:2019-05-29T18:29:00.287

SOURCES RELEASE DATE

db:VULHUBid:VHN-104883date:2017-11-29T00:00:00
db:VULMONid:CVE-2017-14186date:2017-11-29T00:00:00
db:BIDid:101955date:2017-11-23T00:00:00
db:JVNDBid:JVNDB-2017-011129date:2018-01-09T00:00:00
db:CNNVDid:CNNVD-201709-357date:2017-09-12T00:00:00
db:NVDid:CVE-2017-14186date:2017-11-29T19:29:00.273