ID

VAR-202004-2034


CVE

CVE-2020-6647


TITLE

Cross-site scripting vulnerability in FortiADC

Trust: 0.8

sources: JVNDB: JVNDB-2020-003889

DESCRIPTION

An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross-site scripting (XSS) attack via the name parameter. A cross-site scripting vulnerability exists in FortiADC. Information may be obtained and tampered with. Fortinet FortiADC is an application delivery controller from Fortinet. Attackers can use the 'name' parameter to exploit this vulnerability to execute code or commands.

Trust: 1.71

sources: NVD: CVE-2020-6647 // JVNDB: JVNDB-2020-003889 // VULHUB: VHN-184772

AFFECTED PRODUCTS

vendor: fortinet, model: fortiadc, scope: eq, version: 5.4.0

Trust: 1.0

vendor: fortinet, model: fortiadc, scope: lte, version: 5.3.4

Trust: 1.0

vendor: fortinet, model: fortiadc, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-003889 // NVD: CVE-2020-6647

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6647
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-003889
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202004-255
value: MEDIUM

Trust: 0.6

VULHUB: VHN-184772
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-6647
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003889
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-184772
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-6647
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003889
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-184772 // JVNDB: JVNDB-2020-003889 // CNNVD: CNNVD-202004-255 // NVD: CVE-2020-6647

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-184772 // JVNDB: JVNDB-2020-003889 // NVD: CVE-2020-6647

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-255

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202004-255

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003889

PATCH

title: FG-IR-20-012, url: https://fortiguard.com/psirt/FG-IR-20-012

Trust: 0.8

title: Fortinet FortiADC Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115502

Trust: 0.6

sources: JVNDB: JVNDB-2020-003889 // CNNVD: CNNVD-202004-255

EXTERNAL IDS

db: NVD, id: CVE-2020-6647

Trust: 2.5

db: JVNDB, id: JVNDB-2020-003889

Trust: 0.8

db: CNNVD, id: CNNVD-202004-255

Trust: 0.7

db: AUSCERT, id: ESB-2020.1226

Trust: 0.6

db: CNVD, id: CNVD-2020-28473

Trust: 0.1

db: VULHUB, id: VHN-184772

Trust: 0.1

sources: VULHUB: VHN-184772 // JVNDB: JVNDB-2020-003889 // CNNVD: CNNVD-202004-255 // NVD: CVE-2020-6647

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-20-012

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-6647

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6647

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1226/

Trust: 0.6

sources: VULHUB: VHN-184772 // JVNDB: JVNDB-2020-003889 // CNNVD: CNNVD-202004-255 // NVD: CVE-2020-6647

SOURCES

db: VULHUB, id: VHN-184772
db: JVNDB, id: JVNDB-2020-003889
db: CNNVD, id: CNNVD-202004-255
db: NVD, id: CVE-2020-6647

LAST UPDATE DATE

2024-08-14T15:12:20.231000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-184772, date: 2020-04-09T00:00:00
db: JVNDB, id: JVNDB-2020-003889, date: 2020-04-28T00:00:00
db: CNNVD, id: CNNVD-202004-255, date: 2020-04-14T00:00:00
db: NVD, id: CVE-2020-6647, date: 2020-04-09T16:50:06.857

SOURCES RELEASE DATE

db: VULHUB, id: VHN-184772, date: 2020-04-07T00:00:00
db: JVNDB, id: JVNDB-2020-003889, date: 2020-04-28T00:00:00
db: CNNVD, id: CNNVD-202004-255, date: 2020-04-07T00:00:00
db: NVD, id: CVE-2020-6647, date: 2020-04-07T19:15:13.127