Sign-up

ID

VAR-201906-0201


CVE

CVE-2019-5587


TITLE

Fortinet FortiOS VM Application input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005165

DESCRIPTION

Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods. Fortinet FortiOS VM The application contains an input validation vulnerability.Information may be tampered with. Fortinet FortiOS VM is prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Versions prior to FortiOS VM 6.0.5 are vulnerable. Fortinet FortiOS VM is a security operating system running on a virtualization platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. The vulnerability is caused by the lack of integrity checks in the program. An attacker could exploit this vulnerability to execute unauthorized code or commands

Trust: 1.98

sources: NVD: CVE-2019-5587 // JVNDB: JVNDB-2019-005165 // BID: 108628 // VULHUB: VHN-157022

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiosscope:ltversion:6.0.5

Trust: 1.8

vendor:fortinetmodel:fortiosscope:eqversion:6.0.4

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:6.0.3

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:6.0.2

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:6.0.1

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:6.0

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.9

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.8

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.7

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.6

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.5

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.4

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.3

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.2

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.4.11

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.4.10

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.4.9

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.4.8

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.4.7

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.4.6

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.4.5

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.4.4

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.4.3

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.4.2

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.4.1

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.13

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.12

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.11

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.8

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.7

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.6

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.5

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.4

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.3

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.2

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.1

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.13

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.9

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.8

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.7

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.3

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.2

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.1

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.7.7

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.19

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.17

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.15

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.10

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.9

Trust: 0.3

vendor:fortinetmodel:fortios b0630scope:eqversion:4.3.8

Trust: 0.3

vendor:fortinetmodel:fortios b0537scope:eqversion:4.3.8

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.8

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.2.13

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.2.12

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.1.11

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.1.10

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:3.0

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:2.80

Trust: 0.3

vendor:fortinetmodel:fortios mr5scope:eqversion:2.50

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:2.50

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:2.36

Trust: 0.3

vendor:fortinetmodel:fortios mr10scope:eqversion:2.8

Trust: 0.3

vendor:fortinetmodel:fortios 0mr4scope:eqversion:2.5

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.1

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.4.0

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.9

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.10

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.0

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.6

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.5

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.4

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.12

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.11

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.0

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.18

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.16

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.14

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.13

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.12

Trust: 0.3

vendor:fortinetmodel:fortios mr2scope:eqversion:3.0

Trust: 0.3

vendor:fortinetmodel:fortios mr1scope:eqversion:3.0

Trust: 0.3

vendor:fortinetmodel:fortios mr12scope:eqversion:2.80

Trust: 0.3

vendor:fortinetmodel:fortiosscope:neversion:6.2

Trust: 0.3

vendor:fortinetmodel:fortiosscope:neversion:6.0.5

Trust: 0.3

sources: BID: 108628 // JVNDB: JVNDB-2019-005165 // NVD: CVE-2019-5587

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5587
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5587
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-880
value: MEDIUM

Trust: 0.6

VULHUB: VHN-157022
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-5587
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-157022
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-5587
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-5587
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-157022 // JVNDB: JVNDB-2019-005165 // CNNVD: CNNVD-201905-880 // NVD: CVE-2019-5587

PROBLEMTYPE DATA

problemtype:CWE-345

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-157022 // JVNDB: JVNDB-2019-005165 // NVD: CVE-2019-5587

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-880

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201905-880

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005165

PATCH
title:FG-IR-19-017url:https://fortiguard.com/advisory/FG-IR-19-017
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-005165

EXTERNAL IDS
db:NVDid:CVE-2019-5587
Trust: 2.8
db:BIDid:108628
Trust: 2.0
db:JVNDBid:JVNDB-2019-005165
Trust: 0.8
db:CNNVDid:CNNVD-201905-880
Trust: 0.7
db:AUSCERTid:ESB-2019.1824
Trust: 0.6
db:NSFOCUSid:44161
Trust: 0.6
db:VULHUBid:VHN-157022
Trust: 0.1
sources:
            
            
            VULHUB: VHN-157022 // 
            
            
            
            BID: 108628 // 
            
            
            
            JVNDB: JVNDB-2019-005165 // 
            
            
            
            CNNVD: CNNVD-201905-880 // 
            
            
            
            NVD: CVE-2019-5587

REFERENCES
url:http://www.securityfocus.com/bid/108628
Trust: 2.3
url:https://fortiguard.com/advisory/fg-ir-19-017
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-5587
Trust: 1.4
url:https://www.fortinet.com/products/fortigate/fortios.html
Trust: 0.9
url:https://fortiguard.com/psirt/fg-ir-19-017
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5587
Trust: 0.8
url:https://vigilance.fr/vulnerability/fortios-vm-privilege-escalation-via-image-file-system-integrity-29468
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.1824/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/44161
Trust: 0.6
url:https://www.fortinet.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-157022 // 
            
            
            
            BID: 108628 // 
            
            
            
            JVNDB: JVNDB-2019-005165 // 
            
            
            
            CNNVD: CNNVD-201905-880 // 
            
            
            
            NVD: CVE-2019-5587

CREDITS
Bart Dopheide from Axians.
Trust: 0.9
sources:
            
            
            BID: 108628 // 
            
            
            
            CNNVD: CNNVD-201905-880

SOURCES
db:VULHUBid:VHN-157022
db:BIDid:108628
db:JVNDBid:JVNDB-2019-005165
db:CNNVDid:CNNVD-201905-880
db:NVDid:CVE-2019-5587

LAST UPDATE DATE
2024-08-14T15:12:48.121000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-157022date:2019-06-06T00:00:00
db:BIDid:108628date:2019-05-17T00:00:00
db:JVNDBid:JVNDB-2019-005165date:2019-06-17T00:00:00
db:CNNVDid:CNNVD-201905-880date:2022-04-24T00:00:00
db:NVDid:CVE-2019-5587date:2022-04-22T20:11:13.657

SOURCES RELEASE DATE
db:VULHUBid:VHN-157022date:2019-06-04T00:00:00
db:BIDid:108628date:2019-05-17T00:00:00
db:JVNDBid:JVNDB-2019-005165date:2019-06-17T00:00:00
db:CNNVDid:CNNVD-201905-880date:2019-05-22T00:00:00
db:NVDid:CVE-2019-5587date:2019-06-04T22:29:00.377