ID

VAR-202003-0756


CVE

CVE-2019-16157


TITLE

Information leakage vulnerability in Fortinet FortiWeb

Trust: 0.8

sources: JVNDB: JVNDB-2019-014955

DESCRIPTION

An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands. Fortinet FortiWeb contains an information leakage vulnerability. Information may be obtained. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, and schema poisoning to ensure the security of web applications and protect sensitive database content. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components.

Trust: 1.71

sources: NVD: CVE-2019-16157 // JVNDB: JVNDB-2019-014955 // VULHUB: VHN-148275

AFFECTED PRODUCTS

vendor: fortinet, model: fortiweb, scope: lte, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.2.0

Trust: 0.8

sources: JVNDB: JVNDB-2019-014955 // NVD: CVE-2019-16157

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-16157
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-014955
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202003-715
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148275
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-16157
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014955
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-148275
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-16157
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014955
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-148275 // JVNDB: JVNDB-2019-014955 // CNNVD: CNNVD-202003-715 // NVD: CVE-2019-16157

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

problemtype: CWE-532

Trust: 1.0

sources: VULHUB: VHN-148275 // JVNDB: JVNDB-2019-014955 // NVD: CVE-2019-16157

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-715

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202003-715

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014955

PATCH

title: FG-IR-19-269, url: https://fortiguard.com/psirt/FG-IR-19-269

Trust: 0.8

title: Fortinet FortiWeb Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112294

Trust: 0.6

sources: JVNDB: JVNDB-2019-014955 // CNNVD: CNNVD-202003-715

EXTERNAL IDS

db: NVD, id: CVE-2019-16157

Trust: 2.5

db: JVNDB, id: JVNDB-2019-014955

Trust: 0.8

db: CNNVD, id: CNNVD-202003-715

Trust: 0.7

db: AUSCERT, id: ESB-2020.0899

Trust: 0.6

db: VULHUB, id: VHN-148275

Trust: 0.1

sources: VULHUB: VHN-148275 // JVNDB: JVNDB-2019-014955 // CNNVD: CNNVD-202003-715 // NVD: CVE-2019-16157

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-19-269

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-16157

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16157

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2020.0899/

Trust: 0.6

sources: VULHUB: VHN-148275 // JVNDB: JVNDB-2019-014955 // CNNVD: CNNVD-202003-715 // NVD: CVE-2019-16157

CREDITS

Danilo Costa from PBI

Trust: 0.6

sources: CNNVD: CNNVD-202003-715

SOURCES

db: VULHUB, id: VHN-148275
db: JVNDB, id: JVNDB-2019-014955
db: CNNVD, id: CNNVD-202003-715
db: NVD, id: CVE-2019-16157

LAST UPDATE DATE

2024-08-14T14:44:58.476000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-148275, date: 2020-03-18T00:00:00
db: JVNDB, id: JVNDB-2019-014955, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-715, date: 2020-03-19T00:00:00
db: NVD, id: CVE-2019-16157, date: 2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db: VULHUB, id: VHN-148275, date: 2020-03-13T00:00:00
db: JVNDB, id: JVNDB-2019-014955, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-715, date: 2020-03-12T00:00:00
db: NVD, id: CVE-2019-16157, date: 2020-03-13T16:15:11.893