ID

VAR-202006-1548


CVE

CVE-2020-9288


TITLE

Fortinet FortiWLC Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-24254 // CNNVD: CNNVD-202006-1543

DESCRIPTION

An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross-site scripting (XSS) attack via the ESS profile or the Radius Profile. A cross-site scripting vulnerability exists in FortiWLC. Information may be obtained and tampered with. Fortinet FortiWLC is a wireless LAN controller from Fortinet. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.

Trust: 2.25

sources: NVD: CVE-2020-9288 // JVNDB: JVNDB-2020-006974 // CNVD: CNVD-2021-24254 // VULHUB: VHN-187413

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-24254

AFFECTED PRODUCTS

vendor: fortinet, model: fortiwlc, scope: lte, version: 8.5.1

Trust: 1.0

vendor: fortinet, model: fortiwlc, scope: eq, version: 8.5.1

Trust: 0.8

vendor: fortinet, model: fortiwlc, scope: lte, version: <=8.5.1

Trust: 0.6

sources: CNVD: CNVD-2021-24254 // JVNDB: JVNDB-2020-006974 // NVD: CVE-2020-9288

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9288
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006974
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-24254
value: LOW

Trust: 0.6

CNNVD: CNNVD-202006-1543
value: MEDIUM

Trust: 0.6

VULHUB: VHN-187413
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-9288
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006974
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-24254
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-187413
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9288
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006974
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-24254 // VULHUB: VHN-187413 // JVNDB: JVNDB-2020-006974 // CNNVD: CNNVD-202006-1543 // NVD: CVE-2020-9288

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-187413 // JVNDB: JVNDB-2020-006974 // NVD: CVE-2020-9288

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1543

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202006-1543

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006974

PATCH

title: FG-IR-20-016, url: https://fortiguard.com/advisory/FG-IR-20-016

Trust: 0.8

title: Patch for Fortinet FortiWLC Cross-Site Scripting Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/255401

Trust: 0.6

title: Fortinet FortiWLC Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122693

Trust: 0.6

sources: CNVD: CNVD-2021-24254 // JVNDB: JVNDB-2020-006974 // CNNVD: CNNVD-202006-1543

EXTERNAL IDS

db: NVD, id: CVE-2020-9288

Trust: 3.1

db: JVNDB, id: JVNDB-2020-006974

Trust: 0.8

db: CNNVD, id: CNNVD-202006-1543

Trust: 0.7

db: CNVD, id: CNVD-2021-24254

Trust: 0.6

db: AUSCERT, id: ESB-2020.2167

Trust: 0.6

db: NSFOCUS, id: 46966

Trust: 0.6

db: VULHUB, id: VHN-187413

Trust: 0.1

sources: CNVD: CNVD-2021-24254 // VULHUB: VHN-187413 // JVNDB: JVNDB-2020-006974 // CNNVD: CNNVD-202006-1543 // NVD: CVE-2020-9288

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-9288

Trust: 2.0

url:https://fortiguard.com/advisory/fg-ir-20-016

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9288

Trust: 0.8

url:http://www.nsfocus.net/vulndb/46966

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2167/

Trust: 0.6

sources: CNVD: CNVD-2021-24254 // VULHUB: VHN-187413 // JVNDB: JVNDB-2020-006974 // CNNVD: CNNVD-202006-1543 // NVD: CVE-2020-9288

SOURCES

db: CNVD, id: CNVD-2021-24254
db: VULHUB, id: VHN-187413
db: JVNDB, id: JVNDB-2020-006974
db: CNNVD, id: CNNVD-202006-1543
db: NVD, id: CVE-2020-9288

LAST UPDATE DATE

2024-11-23T22:21:06.161000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-24254, date: 2021-04-01T00:00:00
db: VULHUB, id: VHN-187413, date: 2020-06-26T00:00:00
db: JVNDB, id: JVNDB-2020-006974, date: 2020-07-28T00:00:00
db: CNNVD, id: CNNVD-202006-1543, date: 2020-06-30T00:00:00
db: NVD, id: CVE-2020-9288, date: 2024-11-21T05:40:21.787

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-24254, date: 2021-03-31T00:00:00
db: VULHUB, id: VHN-187413, date: 2020-06-22T00:00:00
db: JVNDB, id: JVNDB-2020-006974, date: 2020-07-28T00:00:00
db: CNNVD, id: CNNVD-202006-1543, date: 2020-06-22T00:00:00
db: NVD, id: CVE-2020-9288, date: 2020-06-22T16:15:12.120