ID

VAR-201911-1310


CVE

CVE-2019-15705


TITLE

FortiOS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013080

DESCRIPTION

An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request. FortiOS contains an input validation vulnerability. A service operation interruption (DoS) may result. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform, developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam.

Trust: 1.71

sources: NVD: CVE-2019-15705 // JVNDB: JVNDB-2019-013080 // VULHUB: VHN-147778

AFFECTED PRODUCTS

vendor: fortinet, model: fortios, scope: lte, version: 6.0.6

Trust: 1.8

vendor: fortinet, model: fortios, scope: lte, version: 6.2.1

Trust: 1.8

vendor: fortinet, model: fortios, scope: gte, version: 6.2.0

Trust: 1.0

sources: JVNDB: JVNDB-2019-013080 // NVD: CVE-2019-15705

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15705
value: HIGH

Trust: 1.0

NVD: CVE-2019-15705
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201911-1197
value: HIGH

Trust: 0.6

VULHUB: VHN-147778
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-15705
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-147778
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-15705
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-15705
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-147778 // JVNDB: JVNDB-2019-013080 // CNNVD: CNNVD-201911-1197 // NVD: CVE-2019-15705

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-147778 // JVNDB: JVNDB-2019-013080 // NVD: CVE-2019-15705

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1197

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1197

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013080

PATCH

title: FG-IR-19-236, url: https://fortiguard.com/advisory/FG-IR-19-236

Trust: 0.8

title: Fix for the Fortinet FortiOS input validation error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105210

Trust: 0.6

sources: JVNDB: JVNDB-2019-013080 // CNNVD: CNNVD-201911-1197

EXTERNAL IDS

db: NVD, id: CVE-2019-15705

Trust: 2.5

db: JVNDB, id: JVNDB-2019-013080

Trust: 0.8

db: CNNVD, id: CNNVD-201911-1197

Trust: 0.7

db: AUSCERT, id: ESB-2019.4388

Trust: 0.6

db: CNVD, id: CNVD-2020-62947

Trust: 0.1

db: VULHUB, id: VHN-147778

Trust: 0.1

sources: VULHUB: VHN-147778 // JVNDB: JVNDB-2019-013080 // CNNVD: CNNVD-201911-1197 // NVD: CVE-2019-15705

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-19-236

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-15705

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15705

Trust: 0.8

url: https://fortiguard.com/psirt/fg-ir-19-236

Trust: 0.6

url: https://vigilance.fr/vulnerability/fortios-denial-of-service-via-ssl-vpn-portal-post-request-31019

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2019.4388/

Trust: 0.6

sources: VULHUB: VHN-147778 // JVNDB: JVNDB-2019-013080 // CNNVD: CNNVD-201911-1197 // NVD: CVE-2019-15705

SOURCES

db: VULHUB, id: VHN-147778
db: JVNDB, id: JVNDB-2019-013080
db: CNNVD, id: CNNVD-201911-1197
db: NVD, id: CVE-2019-15705

LAST UPDATE DATE

2024-08-14T15:22:54.111000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-147778, date: 2019-12-16T00:00:00
db: JVNDB, id: JVNDB-2019-013080, date: 2019-12-19T00:00:00
db: CNNVD, id: CNNVD-201911-1197, date: 2020-07-14T00:00:00
db: NVD, id: CVE-2019-15705, date: 2019-12-16T15:00:10.517

SOURCES RELEASE DATE

db: VULHUB, id: VHN-147778, date: 2019-11-27T00:00:00
db: JVNDB, id: JVNDB-2019-013080, date: 2019-12-19T00:00:00
db: CNNVD, id: CNNVD-201911-1197, date: 2019-11-20T00:00:00
db: NVD, id: CVE-2019-15705, date: 2019-11-27T21:15:12.747