Details of VAR-201902-0550

ID

VAR-201902-0550

CVE

CVE-2018-1352

TITLE

Fortinet FortiOS Vulnerabilities related to format strings

Trust: 0.8

sources: JVNDB: JVNDB-2019-001667

DESCRIPTION

A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable. Fortinet FortiOS Contains a format string vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiOS is prone to a format string vulnerability. Successfully exploiting this issue will allow the attacker to execute arbitrary code within the context of the application. Fortinet FortiOS version 5.6.0 is vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam

Trust: 1.98

sources: NVD: CVE-2018-1352 // JVNDB: JVNDB-2019-001667 // BID: 106960 // VULHUB: VHN-123587

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.0	Trust: 1.8
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	ne	version:	5.6.1	Trust: 0.3

sources: BID: 106960 // JVNDB: JVNDB-2019-001667 // NVD: CVE-2018-1352

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-1352
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-1352
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201902-184
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-123587
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-1352
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-123587
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-1352
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-123587 // JVNDB: JVNDB-2019-001667 // CNNVD: CNNVD-201902-184 // NVD: CVE-2018-1352

PROBLEMTYPE DATA

problemtype:

CWE-134

Trust: 1.8

sources: JVNDB: JVNDB-2019-001667 // NVD: CVE-2018-1352

THREAT TYPE

network

Trust: 0.3

sources: BID: 106960

TYPE

format string error

Trust: 0.6

sources: CNNVD: CNNVD-201902-184

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001667

PATCH

title:	FG-IR-18-018	url:	https://fortiguard.com/advisory/FG-IR-18-018	Trust: 0.8
title:	Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89077	Trust: 0.6

sources: JVNDB: JVNDB-2019-001667 // CNNVD: CNNVD-201902-184

EXTERNAL IDS

db:	NVD	id:	CVE-2018-1352	Trust: 2.8
db:	JVNDB	id:	JVNDB-2019-001667	Trust: 0.8
db:	CNNVD	id:	CNNVD-201902-184	Trust: 0.7
db:	NSFOCUS	id:	43887	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0669	Trust: 0.6
db:	BID	id:	106960	Trust: 0.3
db:	VULHUB	id:	VHN-123587	Trust: 0.1

sources: VULHUB: VHN-123587 // BID: 106960 // JVNDB: JVNDB-2019-001667 // CNNVD: CNNVD-201902-184 // NVD: CVE-2018-1352

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2018-1352	Trust: 1.4
url:	https://fortiguard.com/advisory/fg-ir-18-018	Trust: 1.1
url:	https://fortiguard.com/psirt/fg-ir-18-018	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1352	Trust: 0.8
url:	https://fortiguard.com/advisory/fg-ir-18-018vendor advisory	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/43887	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/76450	Trust: 0.6
url:	http://www.fortinet.com/	Trust: 0.3

sources: VULHUB: VHN-123587 // BID: 106960 // JVNDB: JVNDB-2019-001667 // CNNVD: CNNVD-201902-184 // NVD: CVE-2018-1352

CREDITS

Simone Cardona

Trust: 0.3

sources: BID: 106960

SOURCES

db:	VULHUB	id:	VHN-123587
db:	BID	id:	106960
db:	JVNDB	id:	JVNDB-2019-001667
db:	CNNVD	id:	CNNVD-201902-184
db:	NVD	id:	CVE-2018-1352

LAST UPDATE DATE

2024-08-14T15:39:00.409000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-123587	date:	2019-02-08T00:00:00
db:	BID	id:	106960	date:	2019-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2019-001667	date:	2019-03-20T00:00:00
db:	CNNVD	id:	CNNVD-201902-184	date:	2019-08-15T00:00:00
db:	NVD	id:	CVE-2018-1352	date:	2019-02-08T20:02:51.610

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-123587	date:	2019-02-08T00:00:00
db:	BID	id:	106960	date:	2019-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2019-001667	date:	2019-03-20T00:00:00
db:	CNNVD	id:	CNNVD-201902-184	date:	2019-02-08T00:00:00
db:	NVD	id:	CVE-2018-1352	date:	2019-02-08T18:29:00.237