ID

VAR-201902-0550


CVE

CVE-2018-1352


TITLE

Fortinet FortiOS Vulnerabilities related to format strings

Trust: 0.8

sources: JVNDB: JVNDB-2019-001667

DESCRIPTION

A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable. Fortinet FortiOS Contains a format string vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiOS is prone to a format string vulnerability. Successfully exploiting this issue will allow the attacker to execute arbitrary code within the context of the application. Fortinet FortiOS version 5.6.0 is vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam

Trust: 1.98

sources: NVD: CVE-2018-1352 // JVNDB: JVNDB-2019-001667 // BID: 106960 // VULHUB: VHN-123587

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiosscope:eqversion:5.6.0

Trust: 1.8

vendor:fortinetmodel:fortiosscope:eqversion:5.6

Trust: 0.3

vendor:fortinetmodel:fortiosscope:neversion:5.6.1

Trust: 0.3

sources: BID: 106960 // JVNDB: JVNDB-2019-001667 // NVD: CVE-2018-1352

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1352
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-1352
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201902-184
value: MEDIUM

Trust: 0.6

VULHUB: VHN-123587
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-1352
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-123587
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1352
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-123587 // JVNDB: JVNDB-2019-001667 // CNNVD: CNNVD-201902-184 // NVD: CVE-2018-1352

PROBLEMTYPE DATA

problemtype:CWE-134

Trust: 1.8

sources: JVNDB: JVNDB-2019-001667 // NVD: CVE-2018-1352

THREAT TYPE

network

Trust: 0.3

sources: BID: 106960

TYPE

format string error

Trust: 0.6

sources: CNNVD: CNNVD-201902-184

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001667

PATCH

title:FG-IR-18-018url:https://fortiguard.com/advisory/FG-IR-18-018

Trust: 0.8

title:Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89077

Trust: 0.6

sources: JVNDB: JVNDB-2019-001667 // CNNVD: CNNVD-201902-184

EXTERNAL IDS

db:NVDid:CVE-2018-1352

Trust: 2.8

db:JVNDBid:JVNDB-2019-001667

Trust: 0.8

db:CNNVDid:CNNVD-201902-184

Trust: 0.7

db:NSFOCUSid:43887

Trust: 0.6

db:AUSCERTid:ESB-2019.0669

Trust: 0.6

db:BIDid:106960

Trust: 0.3

db:VULHUBid:VHN-123587

Trust: 0.1

sources: VULHUB: VHN-123587 // BID: 106960 // JVNDB: JVNDB-2019-001667 // CNNVD: CNNVD-201902-184 // NVD: CVE-2018-1352

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2018-1352

Trust: 1.4

url:https://fortiguard.com/advisory/fg-ir-18-018

Trust: 1.1

url:https://fortiguard.com/psirt/fg-ir-18-018

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1352

Trust: 0.8

url:https://fortiguard.com/advisory/fg-ir-18-018vendor advisory

Trust: 0.6

url:http://www.nsfocus.net/vulndb/43887

Trust: 0.6

url:https://www.auscert.org.au/bulletins/76450

Trust: 0.6

url:http://www.fortinet.com/

Trust: 0.3

sources: VULHUB: VHN-123587 // BID: 106960 // JVNDB: JVNDB-2019-001667 // CNNVD: CNNVD-201902-184 // NVD: CVE-2018-1352

CREDITS

Simone Cardona

Trust: 0.3

sources: BID: 106960

SOURCES

db:VULHUBid:VHN-123587
db:BIDid:106960
db:JVNDBid:JVNDB-2019-001667
db:CNNVDid:CNNVD-201902-184
db:NVDid:CVE-2018-1352

LAST UPDATE DATE

2024-08-14T15:39:00.409000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-123587date:2019-02-08T00:00:00
db:BIDid:106960date:2019-01-11T00:00:00
db:JVNDBid:JVNDB-2019-001667date:2019-03-20T00:00:00
db:CNNVDid:CNNVD-201902-184date:2019-08-15T00:00:00
db:NVDid:CVE-2018-1352date:2019-02-08T20:02:51.610

SOURCES RELEASE DATE

db:VULHUBid:VHN-123587date:2019-02-08T00:00:00
db:BIDid:106960date:2019-01-11T00:00:00
db:JVNDBid:JVNDB-2019-001667date:2019-03-20T00:00:00
db:CNNVDid:CNNVD-201902-184date:2019-02-08T00:00:00
db:NVDid:CVE-2018-1352date:2019-02-08T18:29:00.237