ID

VAR-202001-0771


CVE

CVE-2019-15707


TITLE

FortiMail admin vulnerable to unauthorized authentication

Trust: 0.8

sources: JVNDB: JVNDB-2019-014334

DESCRIPTION

An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for. FortiMail admin contains an incorrect authentication vulnerability. Information may be obtained. Fortinet FortiMail is a suite of e-mail security gateway products from Fortinet. The product provides features such as email security and data protection. Fortinet FortiMail version 6.2.0, versions 6.0.0 to 6.0.6, and versions 5.4.10 and earlier have security vulnerabilities. Attackers can exploit this vulnerability to download system backup configuration files.

Trust: 1.71

sources: NVD: CVE-2019-15707 // JVNDB: JVNDB-2019-014334 // VULHUB: VHN-147780

AFFECTED PRODUCTS

vendor: fortinet, model: fortimail, scope: lte, version: 6.0.6

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lte, version: 5.4.10

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: eq, version: 6.2.0

Trust: 1.0

vendor: フォーティネット, model: fortimail, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: fortimail, scope: eq, version: 6.2.0

Trust: 0.8

vendor: フォーティネット, model: fortimail, scope: eq, version: 6.0.0 to 6.0.6

Trust: 0.8

vendor: フォーティネット, model: fortimail, scope: lte, version: 5.4.10

Trust: 0.8

sources: JVNDB: JVNDB-2019-014334 // NVD: CVE-2019-15707

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15707
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15707
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201910-1250
value: MEDIUM

Trust: 0.6

VULHUB: VHN-147780
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-15707
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-147780
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-15707
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-15707
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-147780 // JVNDB: JVNDB-2019-014334 // CNNVD: CNNVD-201910-1250 // NVD: CVE-2019-15707

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Incorrect authentication (CWE-863) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2019-014334 // NVD: CVE-2019-15707

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-1250

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1250

PATCH

title: FG-IR-19-237, url: https://fortiguard.com/psirt/FG-IR-19-237

Trust: 0.8

title: Fortinet FortiMail Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110857

Trust: 0.6

sources: JVNDB: JVNDB-2019-014334 // CNNVD: CNNVD-201910-1250

EXTERNAL IDS

db: NVD, id: CVE-2019-15707

Trust: 2.5

db: JVNDB, id: JVNDB-2019-014334

Trust: 0.8

db: CNNVD, id: CNNVD-201910-1250

Trust: 0.7

db: AUSCERT, id: ESB-2019.3914.2

Trust: 0.6

db: AUSCERT, id: ESB-2019.3914

Trust: 0.6

db: VULHUB, id: VHN-147780

Trust: 0.1

sources: VULHUB: VHN-147780 // JVNDB: JVNDB-2019-014334 // CNNVD: CNNVD-201910-1250 // NVD: CVE-2019-15707

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-19-237

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-15707

Trust: 1.4

url:https://fortiguard.com/psirt/fg-ir-19-237

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3914/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3914.2/

Trust: 0.6

sources: VULHUB: VHN-147780 // JVNDB: JVNDB-2019-014334 // CNNVD: CNNVD-201910-1250 // NVD: CVE-2019-15707

SOURCES

db: VULHUB, id: VHN-147780
db: JVNDB, id: JVNDB-2019-014334
db: CNNVD, id: CNNVD-201910-1250
db: NVD, id: CVE-2019-15707

LAST UPDATE DATE

2024-08-14T14:26:00.203000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-147780, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-014334, date: 2020-02-10T00:00:00
db: CNNVD, id: CNNVD-201910-1250, date: 2020-10-22T00:00:00
db: NVD, id: CVE-2019-15707, date: 2020-08-24T17:37:01.140

SOURCES RELEASE DATE

db: VULHUB, id: VHN-147780, date: 2020-01-23T00:00:00
db: JVNDB, id: JVNDB-2019-014334, date: 2020-02-10T00:00:00
db: CNNVD, id: CNNVD-201910-1250, date: 2019-10-21T00:00:00
db: NVD, id: CVE-2019-15707, date: 2020-01-23T18:15:13.197