Details of VAR-201908-0051

ID

VAR-201908-0051

CVE

CVE-2019-6695

TITLE

Fortinet FortiManager Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-008216

DESCRIPTION

Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods. Fortinet FortiManager Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Fortinet FortiManager and Fortinet FortiManager VM are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiManager VM is a centralized network security management platform for virtual machines. The platform can group devices into different management domains (ADOMs) for secure deployment and management. There is a security vulnerability in Fortinet FortiManager VM versions before 6.2.0 and 6.0.6. The vulnerability is caused by the lack of root file system integrity check in the program. An attacker could exploit this vulnerability to inject third-party programs

Trust: 1.71

sources: NVD: CVE-2019-6695 // JVNDB: JVNDB-2019-008216 // VULHUB: VHN-158130

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortimanager	scope:	eq	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	lte	version:	6.0.6	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	lt	version:	6.2.1	Trust: 0.8

sources: JVNDB: JVNDB-2019-008216 // NVD: CVE-2019-6695

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6695
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-6695
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201908-1931
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-158130
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-6695
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-158130
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6695
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-6695
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-158130 // JVNDB: JVNDB-2019-008216 // CNNVD: CNNVD-201908-1931 // NVD: CVE-2019-6695

PROBLEMTYPE DATA

problemtype:	CWE-345	Trust: 1.1
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-158130 // JVNDB: JVNDB-2019-008216 // NVD: CVE-2019-6695

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1931

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201908-1931

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008216

PATCH

title:	FG-IR-19-017	url:	https://fortiguard.com/psirt/FG-IR-19-017	Trust: 0.8
title:	Fortinet FortiManager VM Enter the fix for the verification error vulnerability	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=96983	Trust: 0.6

sources: JVNDB: JVNDB-2019-008216 // CNNVD: CNNVD-201908-1931

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6695	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-008216	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-1931	Trust: 0.7
db:	NSFOCUS	id:	44162	Trust: 0.6
db:	VULHUB	id:	VHN-158130	Trust: 0.1

sources: VULHUB: VHN-158130 // JVNDB: JVNDB-2019-008216 // CNNVD: CNNVD-201908-1931 // NVD: CVE-2019-6695

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-19-017	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6695	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6695	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/44162	Trust: 0.6

sources: VULHUB: VHN-158130 // JVNDB: JVNDB-2019-008216 // CNNVD: CNNVD-201908-1931 // NVD: CVE-2019-6695

SOURCES

db:	VULHUB	id:	VHN-158130
db:	JVNDB	id:	JVNDB-2019-008216
db:	CNNVD	id:	CNNVD-201908-1931
db:	NVD	id:	CVE-2019-6695

LAST UPDATE DATE

2024-08-14T15:23:03.532000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-158130	date:	2023-03-01T00:00:00
db:	JVNDB	id:	JVNDB-2019-008216	date:	2019-08-28T00:00:00
db:	CNNVD	id:	CNNVD-201908-1931	date:	2023-03-02T00:00:00
db:	NVD	id:	CVE-2019-6695	date:	2023-03-01T18:38:45.647

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-158130	date:	2019-08-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-008216	date:	2019-08-28T00:00:00
db:	CNNVD	id:	CNNVD-201908-1931	date:	2019-08-23T00:00:00
db:	NVD	id:	CVE-2019-6695	date:	2019-08-23T21:15:12.193