Details of VAR-202111-0204

ID

VAR-202111-0204

CVE

CVE-2020-12814

TITLE

Fortinet FortiAnalyzer Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-014347

DESCRIPTION

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI. Fortinet FortiAnalyzer Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

Trust: 1.71

sources: NVD: CVE-2020-12814 // JVNDB: JVNDB-2021-014347 // VULHUB: VHN-165530

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortianalyzer	scope:	eq	version:	6.4.4	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	lte	version:	6.0.6	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	フォーティネット	model:	fortianalyzer	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortianalyzer	scope:	lte	version:	6.0.6 and earlier	Trust: 0.8
vendor:	フォーティネット	model:	fortianalyzer	scope:	eq	version:	6.4.4	Trust: 0.8

sources: JVNDB: JVNDB-2021-014347 // NVD: CVE-2020-12814

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12814
value:	MEDIUM
Trust: 1.0
psirt@fortinet.com:	CVE-2020-12814
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-12814
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202111-310
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-165530
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-12814
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-165530
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12814
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2020-12814
baseSeverity:	MEDIUM
baseScore:	4.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12814
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-165530 // JVNDB: JVNDB-2021-014347 // CNNVD: CNNVD-202111-310 // NVD: CVE-2020-12814 // NVD: CVE-2020-12814

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.1
problemtype:	Cross-site scripting (CWE-79) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-165530 // JVNDB: JVNDB-2021-014347 // NVD: CVE-2020-12814

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-310

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202111-310

PATCH

title:	FG-IR-20-092	url:	https://www.fortiguard.com/psirt/FG-IR-20-092	Trust: 0.8
title:	Fortinet FortiAnalyzer Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168654	Trust: 0.6

sources: JVNDB: JVNDB-2021-014347 // CNNVD: CNNVD-202111-310

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12814	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-014347	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.3909	Trust: 0.6
db:	CS-HELP	id:	SB2021111605	Trust: 0.6
db:	CNNVD	id:	CNNVD-202111-310	Trust: 0.6
db:	VULHUB	id:	VHN-165530	Trust: 0.1

sources: VULHUB: VHN-165530 // JVNDB: JVNDB-2021-014347 // CNNVD: CNNVD-202111-310 // NVD: CVE-2020-12814

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-20-092	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12814	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.3909	Trust: 0.6
url:	https://vigilance.fr/vulnerability/fortinet-fortianalyzer-cross-site-scripting-via-web-gui-36794	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021111605	Trust: 0.6

sources: VULHUB: VHN-165530 // JVNDB: JVNDB-2021-014347 // CNNVD: CNNVD-202111-310 // NVD: CVE-2020-12814

SOURCES

db:	VULHUB	id:	VHN-165530
db:	JVNDB	id:	JVNDB-2021-014347
db:	CNNVD	id:	CNNVD-202111-310
db:	NVD	id:	CVE-2020-12814

LAST UPDATE DATE

2024-08-14T15:33:01.860000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-165530	date:	2021-11-03T00:00:00
db:	JVNDB	id:	JVNDB-2021-014347	date:	2022-10-13T06:26:00
db:	CNNVD	id:	CNNVD-202111-310	date:	2021-11-17T00:00:00
db:	NVD	id:	CVE-2020-12814	date:	2021-11-03T15:48:15.050

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-165530	date:	2021-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2021-014347	date:	2022-10-13T00:00:00
db:	CNNVD	id:	CNNVD-202111-310	date:	2021-11-02T00:00:00
db:	NVD	id:	CVE-2020-12814	date:	2021-11-02T18:15:07.730