ID

VAR-202003-0526


CVE

CVE-2019-6699


TITLE

Fortinet FortiADC Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-014953

DESCRIPTION

An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored cross-site scripting (XSS) attack via a field in the traffic group interface. Fortinet FortiADC contains a cross-site scripting vulnerability. Information may be obtained and tampered with. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.

Trust: 1.71

sources: NVD: CVE-2019-6699 // JVNDB: JVNDB-2019-014953 // VULHUB: VHN-158134

AFFECTED PRODUCTS

vendor: fortinet, model: fortiadc, scope: lte, version: 5.3.3

Trust: 1.0

vendor: fortinet, model: fortiadc, scope: eq, version: 5.3.3

Trust: 0.8

sources: JVNDB: JVNDB-2019-014953 // NVD: CVE-2019-6699

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6699
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-014953
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202003-780
value: MEDIUM

Trust: 0.6

VULHUB: VHN-158134
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-6699
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014953
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-158134
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6699
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014953
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-158134 // JVNDB: JVNDB-2019-014953 // CNNVD: CNNVD-202003-780 // NVD: CVE-2019-6699

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-158134 // JVNDB: JVNDB-2019-014953 // NVD: CVE-2019-6699

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-780

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202003-780

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014953

PATCH

title: FG-IR-19-220, url: https://fortiguard.com/advisory/FG-IR-19-220

Trust: 0.8

title: Fortinet FortiADC Fixes for cross-site scripting vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=111915

Trust: 0.6

sources: JVNDB: JVNDB-2019-014953 // CNNVD: CNNVD-202003-780

EXTERNAL IDS

db: NVD, id: CVE-2019-6699

Trust: 2.5

db: JVNDB, id: JVNDB-2019-014953

Trust: 0.8

db: CNNVD, id: CNNVD-202003-780

Trust: 0.7

db: AUSCERT, id: ESB-2020.0906

Trust: 0.6

db: CNVD, id: CNVD-2020-19575

Trust: 0.1

db: VULHUB, id: VHN-158134

Trust: 0.1

sources: VULHUB: VHN-158134 // JVNDB: JVNDB-2019-014953 // CNNVD: CNNVD-202003-780 // NVD: CVE-2019-6699

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-19-220

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-6699

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6699

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2020.0906/

Trust: 0.6

sources: VULHUB: VHN-158134 // JVNDB: JVNDB-2019-014953 // CNNVD: CNNVD-202003-780 // NVD: CVE-2019-6699

SOURCES

db: VULHUB, id: VHN-158134
db: JVNDB, id: JVNDB-2019-014953
db: CNNVD, id: CNNVD-202003-780
db: NVD, id: CVE-2019-6699

LAST UPDATE DATE

2024-08-14T13:24:53.750000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-158134, date: 2020-03-18T00:00:00
db: JVNDB, id: JVNDB-2019-014953, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-780, date: 2023-05-18T00:00:00
db: NVD, id: CVE-2019-6699, date: 2020-03-18T14:53:55.753

SOURCES RELEASE DATE

db: VULHUB, id: VHN-158134, date: 2020-03-13T00:00:00
db: JVNDB, id: JVNDB-2019-014953, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-780, date: 2020-03-12T00:00:00
db: NVD, id: CVE-2019-6699, date: 2020-03-13T16:15:12.113