Details of VAR-202003-0756

ID

VAR-202003-0756

CVE

CVE-2019-16157

TITLE

Fortinet FortiWeb Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2019-014955

DESCRIPTION

An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands. Fortinet FortiWeb There is an information leakage vulnerability in.Information may be obtained. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components

Trust: 1.71

sources: NVD: CVE-2019-16157 // JVNDB: JVNDB-2019-014955 // VULHUB: VHN-148275

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiweb	scope:	lte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	eq	version:	6.2.0	Trust: 0.8

sources: JVNDB: JVNDB-2019-014955 // NVD: CVE-2019-16157

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-16157
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2019-014955
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202003-715
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-148275
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-16157
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-014955
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-148275
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-16157
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-014955
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-148275 // JVNDB: JVNDB-2019-014955 // CNNVD: CNNVD-202003-715 // NVD: CVE-2019-16157

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.9
problemtype:	CWE-532	Trust: 1.0

sources: VULHUB: VHN-148275 // JVNDB: JVNDB-2019-014955 // NVD: CVE-2019-16157

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-715

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202003-715

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014955

PATCH

title:	FG-IR-19-269	url:	https://fortiguard.com/psirt/FG-IR-19-269	Trust: 0.8
title:	Fortinet FortiWeb Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112294	Trust: 0.6

sources: JVNDB: JVNDB-2019-014955 // CNNVD: CNNVD-202003-715

EXTERNAL IDS

db:	NVD	id:	CVE-2019-16157	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-014955	Trust: 0.8
db:	CNNVD	id:	CNNVD-202003-715	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.0899	Trust: 0.6
db:	VULHUB	id:	VHN-148275	Trust: 0.1

sources: VULHUB: VHN-148275 // JVNDB: JVNDB-2019-014955 // CNNVD: CNNVD-202003-715 // NVD: CVE-2019-16157

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-19-269	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16157	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16157	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.0899/	Trust: 0.6

sources: VULHUB: VHN-148275 // JVNDB: JVNDB-2019-014955 // CNNVD: CNNVD-202003-715 // NVD: CVE-2019-16157

CREDITS

Danilo Costa from PBI

Trust: 0.6

sources: CNNVD: CNNVD-202003-715

SOURCES

db:	VULHUB	id:	VHN-148275
db:	JVNDB	id:	JVNDB-2019-014955
db:	CNNVD	id:	CNNVD-202003-715
db:	NVD	id:	CVE-2019-16157

LAST UPDATE DATE

2024-08-14T14:44:58.476000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-148275	date:	2020-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-014955	date:	2020-03-31T00:00:00
db:	CNNVD	id:	CNNVD-202003-715	date:	2020-03-19T00:00:00
db:	NVD	id:	CVE-2019-16157	date:	2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-148275	date:	2020-03-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-014955	date:	2020-03-31T00:00:00
db:	CNNVD	id:	CNNVD-202003-715	date:	2020-03-12T00:00:00
db:	NVD	id:	CVE-2019-16157	date:	2020-03-13T16:15:11.893