ID

VAR-202111-0204


CVE

CVE-2020-12814


TITLE

Cross-site scripting vulnerability in Fortinet FortiAnalyzer

Trust: 0.8

sources: JVNDB: JVNDB-2021-014347

DESCRIPTION

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows an attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI. A cross-site scripting vulnerability exists in Fortinet FortiAnalyzer. Information may be obtained and information may be tampered with.

Trust: 1.71

sources: NVD: CVE-2020-12814 // JVNDB: JVNDB-2021-014347 // VULHUB: VHN-165530

AFFECTED PRODUCTS

vendor: fortinet, model: fortianalyzer, scope: eq, version: 6.4.4

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: lte, version: 6.0.6

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: gte, version: 6.0.0

Trust: 1.0

vendor: フォーティネット, model: fortianalyzer, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: fortianalyzer, scope: lte, version: 6.0.6 and earlier

Trust: 0.8

vendor: フォーティネット, model: fortianalyzer, scope: eq, version: 6.4.4

Trust: 0.8

sources: JVNDB: JVNDB-2021-014347 // NVD: CVE-2020-12814

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12814
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2020-12814
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-12814
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202111-310
value: MEDIUM

Trust: 0.6

VULHUB: VHN-165530
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-12814
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-165530
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-12814
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2020-12814
baseSeverity: MEDIUM
baseScore: 4.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2020-12814
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-165530 // JVNDB: JVNDB-2021-014347 // CNNVD: CNNVD-202111-310 // NVD: CVE-2020-12814 // NVD: CVE-2020-12814

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.1

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-165530 // JVNDB: JVNDB-2021-014347 // NVD: CVE-2020-12814

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-310

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202111-310

PATCH

title: FG-IR-20-092, url: https://www.fortiguard.com/psirt/FG-IR-20-092

Trust: 0.8

title: Fortinet FortiAnalyzer Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168654

Trust: 0.6

sources: JVNDB: JVNDB-2021-014347 // CNNVD: CNNVD-202111-310

EXTERNAL IDS

db: NVD, id: CVE-2020-12814

Trust: 3.3

db: JVNDB, id: JVNDB-2021-014347

Trust: 0.8

db: AUSCERT, id: ESB-2021.3909

Trust: 0.6

db: CS-HELP, id: SB2021111605

Trust: 0.6

db: CNNVD, id: CNNVD-202111-310

Trust: 0.6

db: VULHUB, id: VHN-165530

Trust: 0.1

sources: VULHUB: VHN-165530 // JVNDB: JVNDB-2021-014347 // CNNVD: CNNVD-202111-310 // NVD: CVE-2020-12814

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-20-092

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-12814

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2021.3909

Trust: 0.6

url: https://vigilance.fr/vulnerability/fortinet-fortianalyzer-cross-site-scripting-via-web-gui-36794

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021111605

Trust: 0.6

sources: VULHUB: VHN-165530 // JVNDB: JVNDB-2021-014347 // CNNVD: CNNVD-202111-310 // NVD: CVE-2020-12814

SOURCES

db: VULHUB, id: VHN-165530
db: JVNDB, id: JVNDB-2021-014347
db: CNNVD, id: CNNVD-202111-310
db: NVD, id: CVE-2020-12814

LAST UPDATE DATE

2024-08-14T15:33:01.860000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-165530, date: 2021-11-03T00:00:00
db: JVNDB, id: JVNDB-2021-014347, date: 2022-10-13T06:26:00
db: CNNVD, id: CNNVD-202111-310, date: 2021-11-17T00:00:00
db: NVD, id: CVE-2020-12814, date: 2021-11-03T15:48:15.050

SOURCES RELEASE DATE

db: VULHUB, id: VHN-165530, date: 2021-11-02T00:00:00
db: JVNDB, id: JVNDB-2021-014347, date: 2022-10-13T00:00:00
db: CNNVD, id: CNNVD-202111-310, date: 2021-11-02T00:00:00
db: NVD, id: CVE-2020-12814, date: 2021-11-02T18:15:07.730