ID

VAR-202003-0839


CVE

CVE-2019-17653


TITLE

Fortinet FortiSIEM Cross-site request forgery vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-014972

DESCRIPTION

A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link. A cross-site request forgery vulnerability exists in Fortinet FortiSIEM. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Fortinet FortiSIEM is a security information and event management system developed by Fortinet Corporation. The system includes features such as asset discovery, workflow automation and unified management. The vulnerability stems from the web application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client.

Trust: 1.71

sources: NVD: CVE-2019-17653 // JVNDB: JVNDB-2019-014972 // VULHUB: VHN-149921

AFFECTED PRODUCTS

vendor: fortinet, model: fortisiem, scope: eq, version: 5.2.5

Trust: 1.8

sources: JVNDB: JVNDB-2019-014972 // NVD: CVE-2019-17653

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-17653
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-014972
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202003-808
value: HIGH

Trust: 0.6

VULHUB: VHN-149921
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-17653
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014972
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-149921
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-17653
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014972
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-149921 // JVNDB: JVNDB-2019-014972 // CNNVD: CNNVD-202003-808 // NVD: CVE-2019-17653

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.9

sources: VULHUB: VHN-149921 // JVNDB: JVNDB-2019-014972 // NVD: CVE-2019-17653

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-808

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202003-808

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014972

PATCH

title: FG-IR-19-240, url: https://fortiguard.com/psirt/%20FG-IR-19-240

Trust: 0.8

title: Fortinet FortiSIEM Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112328

Trust: 0.6

sources: JVNDB: JVNDB-2019-014972 // CNNVD: CNNVD-202003-808

EXTERNAL IDS

db: NVD, id: CVE-2019-17653

Trust: 2.5

db: JVNDB, id: JVNDB-2019-014972

Trust: 0.8

db: CNNVD, id: CNNVD-202003-808

Trust: 0.7

db: AUSCERT, id: ESB-2020.0918

Trust: 0.6

db: CNVD, id: CNVD-2020-19914

Trust: 0.1

db: VULHUB, id: VHN-149921

Trust: 0.1

sources: VULHUB: VHN-149921 // JVNDB: JVNDB-2019-014972 // CNNVD: CNNVD-202003-808 // NVD: CVE-2019-17653

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-19-240

Trust: 1.7

url: https://fortiguard.com/psirt/%20fg-ir-19-240

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2019-17653

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17653

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2020.0918/

Trust: 0.6

sources: VULHUB: VHN-149921 // JVNDB: JVNDB-2019-014972 // CNNVD: CNNVD-202003-808 // NVD: CVE-2019-17653

SOURCES

db: VULHUB, id: VHN-149921
db: JVNDB, id: JVNDB-2019-014972
db: CNNVD, id: CNNVD-202003-808
db: NVD, id: CVE-2019-17653

LAST UPDATE DATE

2024-11-23T22:11:36.173000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-149921, date: 2020-03-18T00:00:00
db: JVNDB, id: JVNDB-2019-014972, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-808, date: 2020-03-24T00:00:00
db: NVD, id: CVE-2019-17653, date: 2024-11-21T04:32:42.577

SOURCES RELEASE DATE

db: VULHUB, id: VHN-149921, date: 2020-03-12T00:00:00
db: JVNDB, id: JVNDB-2019-014972, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-808, date: 2020-03-12T00:00:00
db: NVD, id: CVE-2019-17653, date: 2020-03-12T23:15:11.703