ID

VAR-202001-0176


CVE

CVE-2019-6700


TITLE

FortiSIEM vulnerable to insufficient protection of credentials

Trust: 0.8

sources: JVNDB: JVNDB-2019-013880

DESCRIPTION

An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code. FortiSIEM contains a vulnerability related to insufficient protection of credentials. Information may be obtained. Fortinet FortiSIEM is a security information and event management system developed by Fortinet Corporation. The system includes features such as asset discovery, workflow automation and unified management. An information disclosure vulnerability exists in Fortinet FortiSIEM 5.2.2 and earlier versions. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components.

Trust: 1.71

sources: NVD: CVE-2019-6700 // JVNDB: JVNDB-2019-013880 // VULHUB: VHN-158135

AFFECTED PRODUCTS

vendor: fortinet, model: fortisiem, scope: lt, version: 5.2.5

Trust: 1.0

vendor: fortinet, model: fortisiem, scope: lte, version: 5.2.2

Trust: 0.8

vendor: fortinet, model: fortisiem, scope: eq, version: 5.1.1

Trust: 0.6

vendor: fortinet, model: fortisiem, scope: eq, version: 4.10.0

Trust: 0.6

vendor: fortinet, model: fortisiem, scope: eq, version: 5.2.0

Trust: 0.6

vendor: fortinet, model: fortisiem, scope: eq, version: 5.0.1

Trust: 0.6

vendor: fortinet, model: fortisiem, scope: eq, version: 5.1.2

Trust: 0.6

vendor: fortinet, model: fortisiem, scope: eq, version: 5.2.1

Trust: 0.6

vendor: fortinet, model: fortisiem, scope: eq, version: 5.0.0

Trust: 0.6

vendor: fortinet, model: fortisiem, scope: eq, version: 5.1.0

Trust: 0.6

sources: JVNDB: JVNDB-2019-013880 // CNNVD: CNNVD-201910-519 // NVD: CVE-2019-6700

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6700
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-6700
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201910-519
value: MEDIUM

Trust: 0.6

VULHUB: VHN-158135
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6700
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-158135
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6700
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-6700
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-158135 // JVNDB: JVNDB-2019-013880 // CNNVD: CNNVD-201910-519 // NVD: CVE-2019-6700

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.9

problemtype:CWE-200

Trust: 1.0

sources: VULHUB: VHN-158135 // JVNDB: JVNDB-2019-013880 // NVD: CVE-2019-6700

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-519

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201910-519

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013880

PATCH

title: FG-IR-19-100, url: https://fortiguard.com/psirt/FG-IR-19-100

Trust: 0.8

title: Fortinet FortiSIEM Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99167

Trust: 0.6

sources: JVNDB: JVNDB-2019-013880 // CNNVD: CNNVD-201910-519

EXTERNAL IDS

db: NVD, id: CVE-2019-6700

Trust: 2.5

db: JVNDB, id: JVNDB-2019-013880

Trust: 0.8

db: CNNVD, id: CNNVD-201910-519

Trust: 0.7

db: AUSCERT, id: ESB-2019.3781

Trust: 0.6

db: CNVD, id: CNVD-2020-04291

Trust: 0.1

db: VULHUB, id: VHN-158135

Trust: 0.1

sources: VULHUB: VHN-158135 // JVNDB: JVNDB-2019-013880 // CNNVD: CNNVD-201910-519 // NVD: CVE-2019-6700

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-19-100

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-6700

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6700

Trust: 0.8

url:https://fortiguard.com/psirt/fg-ir-19-100

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3781/

Trust: 0.6

sources: VULHUB: VHN-158135 // JVNDB: JVNDB-2019-013880 // CNNVD: CNNVD-201910-519 // NVD: CVE-2019-6700

SOURCES

db: VULHUB, id: VHN-158135
db: JVNDB, id: JVNDB-2019-013880
db: CNNVD, id: CNNVD-201910-519
db: NVD, id: CVE-2019-6700

LAST UPDATE DATE

2024-11-23T22:51:32.055000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-158135, date: 2020-01-08T00:00:00
db: JVNDB, id: JVNDB-2019-013880, date: 2020-01-20T00:00:00
db: CNNVD, id: CNNVD-201910-519, date: 2020-01-17T00:00:00
db: NVD, id: CVE-2019-6700, date: 2024-11-21T04:46:58.753

SOURCES RELEASE DATE

db: VULHUB, id: VHN-158135, date: 2020-01-07T00:00:00
db: JVNDB, id: JVNDB-2019-013880, date: 2020-01-20T00:00:00
db: CNNVD, id: CNNVD-201910-519, date: 2019-10-09T00:00:00
db: NVD, id: CVE-2019-6700, date: 2020-01-07T19:15:10.993