Details of VAR-201911-1310

ID

VAR-201911-1310

CVE

CVE-2019-15705

TITLE

FortiOS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013080

DESCRIPTION

An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request. FortiOS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam

Trust: 1.71

sources: NVD: CVE-2019-15705 // JVNDB: JVNDB-2019-013080 // VULHUB: VHN-147778

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	lte	version:	6.0.6	Trust: 1.8
vendor:	fortinet	model:	fortios	scope:	lte	version:	6.2.1	Trust: 1.8
vendor:	fortinet	model:	fortios	scope:	gte	version:	6.2.0	Trust: 1.0

sources: JVNDB: JVNDB-2019-013080 // NVD: CVE-2019-15705

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-15705
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-15705
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201911-1197
value:	HIGH
Trust: 0.6
VULHUB:	VHN-147778
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-15705
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-147778
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-15705
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-15705
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-147778 // JVNDB: JVNDB-2019-013080 // CNNVD: CNNVD-201911-1197 // NVD: CVE-2019-15705

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-147778 // JVNDB: JVNDB-2019-013080 // NVD: CVE-2019-15705

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1197

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1197

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013080

PATCH

title:	FG-IR-19-236	url:	https://fortiguard.com/advisory/FG-IR-19-236	Trust: 0.8
title:	Fortinet FortiOS Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105210	Trust: 0.6

sources: JVNDB: JVNDB-2019-013080 // CNNVD: CNNVD-201911-1197

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15705	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-013080	Trust: 0.8
db:	CNNVD	id:	CNNVD-201911-1197	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.4388	Trust: 0.6
db:	CNVD	id:	CNVD-2020-62947	Trust: 0.1
db:	VULHUB	id:	VHN-147778	Trust: 0.1

sources: VULHUB: VHN-147778 // JVNDB: JVNDB-2019-013080 // CNNVD: CNNVD-201911-1197 // NVD: CVE-2019-15705

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-19-236	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15705	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15705	Trust: 0.8
url:	https://fortiguard.com/psirt/fg-ir-19-236	Trust: 0.6
url:	https://vigilance.fr/vulnerability/fortios-denial-of-service-via-ssl-vpn-portal-post-request-31019	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4388/	Trust: 0.6

sources: VULHUB: VHN-147778 // JVNDB: JVNDB-2019-013080 // CNNVD: CNNVD-201911-1197 // NVD: CVE-2019-15705

SOURCES

db:	VULHUB	id:	VHN-147778
db:	JVNDB	id:	JVNDB-2019-013080
db:	CNNVD	id:	CNNVD-201911-1197
db:	NVD	id:	CVE-2019-15705

LAST UPDATE DATE

2024-08-14T15:22:54.111000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-147778	date:	2019-12-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-013080	date:	2019-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201911-1197	date:	2020-07-14T00:00:00
db:	NVD	id:	CVE-2019-15705	date:	2019-12-16T15:00:10.517

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-147778	date:	2019-11-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-013080	date:	2019-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201911-1197	date:	2019-11-20T00:00:00
db:	NVD	id:	CVE-2019-15705	date:	2019-11-27T21:15:12.747