ID

VAR-201908-0051


CVE

CVE-2019-6695


TITLE

Fortinet FortiManager input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-008216

DESCRIPTION

Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods. Fortinet FortiManager contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Both Fortinet FortiManager and Fortinet FortiManager VM are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiManager VM is a centralized network security management platform for virtual machines. The platform can group devices into different management domains (ADOMs) for secure deployment and management. There is a security vulnerability in Fortinet FortiManager VM versions before 6.2.0 and 6.0.6. The vulnerability is caused by the lack of a root file system integrity check in the program. An attacker could exploit this vulnerability to inject third-party programs.

Trust: 1.71

sources: NVD: CVE-2019-6695 // JVNDB: JVNDB-2019-008216 // VULHUB: VHN-158130

AFFECTED PRODUCTS

vendor: fortinet, model: fortimanager, scope: eq, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: lte, version: 6.0.6

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: lt, version: 6.2.1

Trust: 0.8

sources: JVNDB: JVNDB-2019-008216 // NVD: CVE-2019-6695

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-6695
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-6695
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201908-1931
value: CRITICAL

Trust: 0.6

VULHUB: VHN-158130
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-6695
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-158130
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-6695
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-6695
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-158130 // JVNDB: JVNDB-2019-008216 // CNNVD: CNNVD-201908-1931 // NVD: CVE-2019-6695

PROBLEMTYPE DATA

problemtype: CWE-345

Trust: 1.1

problemtype: CWE-20

Trust: 0.9

sources: VULHUB: VHN-158130 // JVNDB: JVNDB-2019-008216 // NVD: CVE-2019-6695

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1931

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201908-1931

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008216

PATCH

title: FG-IR-19-017, url: https://fortiguard.com/psirt/FG-IR-19-017

Trust: 0.8

title: Fix for the Fortinet FortiManager VM input validation error vulnerability, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=96983

Trust: 0.6

sources: JVNDB: JVNDB-2019-008216 // CNNVD: CNNVD-201908-1931

EXTERNAL IDS

db: NVD, id: CVE-2019-6695

Trust: 2.5

db: JVNDB, id: JVNDB-2019-008216

Trust: 0.8

db: CNNVD, id: CNNVD-201908-1931

Trust: 0.7

db: NSFOCUS, id: 44162

Trust: 0.6

db: VULHUB, id: VHN-158130

Trust: 0.1

sources: VULHUB: VHN-158130 // JVNDB: JVNDB-2019-008216 // CNNVD: CNNVD-201908-1931 // NVD: CVE-2019-6695

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-19-017

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-6695

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6695

Trust: 0.8

url: http://www.nsfocus.net/vulndb/44162

Trust: 0.6

sources: VULHUB: VHN-158130 // JVNDB: JVNDB-2019-008216 // CNNVD: CNNVD-201908-1931 // NVD: CVE-2019-6695

SOURCES

db: VULHUB, id: VHN-158130
db: JVNDB, id: JVNDB-2019-008216
db: CNNVD, id: CNNVD-201908-1931
db: NVD, id: CVE-2019-6695

LAST UPDATE DATE

2024-08-14T15:23:03.532000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-158130, date: 2023-03-01T00:00:00
db: JVNDB, id: JVNDB-2019-008216, date: 2019-08-28T00:00:00
db: CNNVD, id: CNNVD-201908-1931, date: 2023-03-02T00:00:00
db: NVD, id: CVE-2019-6695, date: 2023-03-01T18:38:45.647

SOURCES RELEASE DATE

db: VULHUB, id: VHN-158130, date: 2019-08-23T00:00:00
db: JVNDB, id: JVNDB-2019-008216, date: 2019-08-28T00:00:00
db: CNNVD, id: CNNVD-201908-1931, date: 2019-08-23T00:00:00
db: NVD, id: CVE-2019-6695, date: 2019-08-23T21:15:12.193