diff --git a/2021/44xxx/CVE-2021-44172.json b/2021/44xxx/CVE-2021-44172.json index 2770f631b62..62763e1acb4 100644 --- a/2021/44xxx/CVE-2021-44172.json +++ b/2021/44xxx/CVE-2021-44172.json 
@@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44172", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiClientEMS", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.0.6", + "version_value": "7.0.7" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.4" + }, + { + "version_affected": "<=", + "version_name": "6.4.7", + "version_value": "6.4.9" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.4" + }, + { + "version_affected": "<=", + "version_name": "6.2.6", + "version_value": "6.2.9" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-21-244", + "refsource": "MISC", + "name": 
"https://fortiguard.com/psirt/FG-IR-21-244" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiClientEMS version 7.2.0 or above Please upgrade to FortiClientEMS version 7.0.8 or above " + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.6, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:U" } ] } diff --git a/2022/35xxx/CVE-2022-35849.json b/2022/35xxx/CVE-2022-35849.json index c4399dbfa2c..87212904058 100644 --- a/2022/35xxx/CVE-2022-35849.json +++ b/2022/35xxx/CVE-2022-35849.json 
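Review bot: In the `impact.cvss` block, `"baseScore": 3.6` does not look like a base score. The vector carries temporal metrics (`E:P/RL:O/RC:U`), and the base metrics alone (`AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N`) work out to 4.3 under the CVSS 3.1 formula; 3.6 is what the temporal adjustment gives. Consumers that triage on `baseScore`/`baseSeverity` will rank this record lower than its base metrics justify, so the field should hold the base value, `"baseScore": 4.3, "baseSeverity": "MEDIUM"`. The cvss blocks for CVE-2022-35849, CVE-2023-25608, CVE-2023-29183, CVE-2023-34984, CVE-2023-36551, CVE-2023-36634, CVE-2023-36638 and CVE-2023-36642 in this commit appear to have the same pattern.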
@@ -1,17 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-35849", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper neutralization of special elements used in an OS command vulnerability [CWE-78]\u00a0in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiADC", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.1.0" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.2" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.4" + }, + { + "version_affected": "<=", + "version_name": "6.1.0", + "version_value": "6.1.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-22-310", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-22-310" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiADC version 7.1.2 or above\r\nPlease upgrade to FortiADC 
version 7.0.4 or above\r\nPlease upgrade to FortiADC version 6.2.6 or above" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C" } ] } diff --git a/2023/25xxx/CVE-2023-25608.json b/2023/25xxx/CVE-2023-25608.json index acecefc6092..30d808267d0 100644 --- a/2023/25xxx/CVE-2023-25608.json +++ b/2023/25xxx/CVE-2023-25608.json 
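Review bot: The `version_data` ranges stop one release short of what the description and solution state. The description says 7.1.0 through 7.1.1, 7.0.0 through 7.0.3 and 6.2.0 through 6.2.5, and the fixes are 7.1.2, 7.0.4 and 6.2.6, but the structured entries are `=` 7.1.0, `<=` 7.0.2 and `<=` 6.2.4. Scanners that match on `version_data` would report 7.1.1, 7.0.3 and 6.2.5 as unaffected for an OS command injection. If the description is authoritative, the entries should read `"version_name": "7.1.0", "version_value": "7.1.1"`, `"version_value": "7.0.3"` and `"version_value": "6.2.5"`.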
@@ -1,17 +1,209 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25608", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure", + "cweId": "CWE-792" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiAP-W2", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.1" + }, + { + "version_affected": "<=", + "version_name": "7.0.3", + "version_value": "7.0.5" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.1" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.9" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.6" + }, + { + "version_affected": "<=", + "version_name": "6.0.0", + "version_value": "6.0.6" + } + ] + } + }, + { + "product_name": "FortiAP-C", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "5.4.0", + "version_value": "5.4.4" + }, + { + "version_affected": "<=", + "version_name": "5.2.0", + "version_value": "5.2.1" + } + ] + } + }, + { + "product_name": "FortiAP", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.1" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.5" + }, + { + "version_affected": "<=", + "version_name": "6.4.3", + "version_value": "6.4.9" + }, + { + "version_affected": "<=", + "version_name": "6.0.0", + "version_value": "6.0.6" + } + ] + } + }, + { + "product_name": "FortiAP-U", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.0.0" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.5" + }, + { + "version_affected": "<=", + "version_name": "6.0.0", + "version_value": "6.0.4" + }, + { + "version_affected": "<=", + "version_name": 
"5.4.3", + "version_value": "5.4.6" + }, + { + "version_affected": "=", + "version_value": "5.4.0" + } + ] + } + }, + { + "product_name": "FortiAP-S", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.9" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.6" + }, + { + "version_affected": "<=", + "version_name": "6.0.0", + "version_value": "6.0.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-22-120", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-22-120" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiAP-W2 version 7.2.2 or above Please upgrade to FortiAP-W2 version 7.0.6 or above Please upgrade to FortiAP-C version 5.4.5 or above Please upgrade to FortiAP version 7.2.2 or above Please upgrade to FortiAP version 7.0.6 or above Please upgrade to FortiAP-U version 7.0.1 or above Please upgrade to FortiAP-U version 6.2.6 or above " + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C" } ] } diff --git a/2023/27xxx/CVE-2023-27998.json b/2023/27xxx/CVE-2023-27998.json index 672a2da6000..90a53b1cc51 100644 --- a/2023/27xxx/CVE-2023-27998.json +++ b/2023/27xxx/CVE-2023-27998.json 
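Review bot: The `affects` block lists a fifth product, `FortiAP-S` (6.0.0 to 6.0.6, 6.2.0 to 6.2.6, 6.4.0 to 6.4.9), that neither the description nor the `solution` text mentions. The description names only FortiAP-W2, FortiAP-C, FortiAP and FortiAP-U. A reader working from the prose will miss FortiAP-S, and one working from the structured data finds no remediation for it. The FortiAP entry also starts its 6.4 range at `6.4.3`, while the description says "6.4 all versions". One side should be corrected so the prose and `version_data` agree.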
@@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-27998", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure", + "cweId": "CWE-756" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiPresence", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.2.0", + "version_value": "1.2.1" + }, + { + "version_affected": "<=", + "version_name": "1.1.0", + "version_value": "1.1.1" + }, + { + "version_affected": "=", + "version_value": "1.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-22-288", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-22-288" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiPresence version 2.0.0 or above\r\n\u00a0" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + 
"baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:C" } ] } diff --git a/2023/29xxx/CVE-2023-29183.json b/2023/29xxx/CVE-2023-29183.json index bf8f6fe5cb2..672d7569ec1 100644 --- a/2023/29xxx/CVE-2023-29183.json +++ b/2023/29xxx/CVE-2023-29183.json 
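Review bot: The `solution` value ends in `\r\n\u00a0`, a CRLF followed by a non-breaking space, which looks like residue from the advisory's HTML. Non-breaking spaces also appear inside the description strings for CVE-2022-35849 and CVE-2023-36642 (`[CWE-78]\u00a0in`). Tools that tokenize or keyword-match these fields on ASCII whitespace will not split there. Normalizing to plain spaces and trimming the tail before publishing would avoid that, e.g. `"value": "Please upgrade to FortiPresence version 2.0.0 or above"`.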
@@ -1,17 +1,120 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-29183", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiProxy", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.4" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.10" + } + ] + } + }, + { + "product_name": "FortiOS", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.4" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.11" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.12" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.14" + } + ] + } + } + ] + } + 
} + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-106", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-106" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiProxy version 7.2.5 or above Please upgrade to FortiProxy version 7.0.11 or above Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.5 or above Please upgrade to FortiOS version 7.0.12 or above Please upgrade to FortiOS version 6.4.13 or above Please upgrade to FortiOS version 6.2.15 or above " + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R" } ] } diff --git a/2023/34xxx/CVE-2023-34984.json b/2023/34xxx/CVE-2023-34984.json index de6ab6d6f13..7a7ce74f1ed 100644 --- a/2023/34xxx/CVE-2023-34984.json +++ b/2023/34xxx/CVE-2023-34984.json 
@@ -1,17 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-34984", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands", + "cweId": "CWE-693" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiWeb", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.1" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.6" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.3" + }, + { + "version_affected": "<=", + "version_name": "6.3.6", + "version_value": "6.3.23" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-068", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-068" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiWeb version 7.2.2 or above Please upgrade to FortiWeb version 7.0.7 or above Please upgrade to FortiWeb version 6.4.4 or above Please upgrade to 
FortiWeb version 6.3.24 or above " + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36551.json b/2023/36xxx/CVE-2023-36551.json index aa960905a15..17f8266877e 100644 --- a/2023/36xxx/CVE-2023-36551.json +++ b/2023/36xxx/CVE-2023-36551.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36551", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows attacker to information disclosure via a crafted http request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiSIEM", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.7.0", + "version_value": "6.7.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-126", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-126" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiSIEM version 7.0.0 or above Please upgrade to FortiSIEM version 6.7.6 or above Please upgrade to FortiSIEM version 6.6.0 or above " + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + 
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:X" } ] } diff --git a/2023/36xxx/CVE-2023-36634.json b/2023/36xxx/CVE-2023-36634.json index 1b7c749fb81..330e74be5b8 100644 --- a/2023/36xxx/CVE-2023-36634.json +++ b/2023/36xxx/CVE-2023-36634.json 
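Review bot: The `solution` text includes "Please upgrade to FortiSIEM version 6.6.0 or above", which contradicts the affected range of 6.7.0 through 6.7.5 given in the description and `version_data`. Every affected release already satisfies "6.6.0 or above", so an operator could read the advice and conclude a vulnerable 6.7.x install is remediated. That sentence should be dropped or replaced with the intended fixed release for that branch, leaving 7.0.0 and 6.7.6 as the stated fixes. Separately, the description's "allows attacker to information disclosure" is ungrammatical and could read "allows an attacker to obtain sensitive information".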
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36634", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control", + "cweId": "CWE-73" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiAP-U", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.0.0" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.5" + }, + { + "version_affected": "<=", + "version_name": "6.0.0", + "version_value": "6.0.4" + }, + { + "version_affected": "<=", + "version_name": "5.4.3", + "version_value": "5.4.6" + }, + { + "version_affected": "=", + "version_value": "5.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-123", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-123" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiAP-U version 7.0.1 or above Please 
upgrade to FortiAP-U version 6.2.6 or above " + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:X/RC:R" } ] } diff --git a/2023/36xxx/CVE-2023-36638.json b/2023/36xxx/CVE-2023-36638.json index e31c9a9f966..e3ce89a46fc 100644 --- a/2023/36xxx/CVE-2023-36638.json +++ b/2023/36xxx/CVE-2023-36638.json 
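Review bot: The CWE in the description and the CWE in `problemtype` disagree. The description tags the flaw `[CWE-792]`, but the structured field is `"cweId": "CWE-73"` with the label "Improper access control". Feeds that classify by `cweId` will file this record under a different weakness than the advisory text. The same mismatch appears in CVE-2023-36638 (description `[CWE-269]`, `cweId` `CWE-284`) and CVE-2023-36642 (description `[CWE-78]`, `cweId` `CWE-77`). Each pair should be reconciled to a single identifier.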
@@ -1,17 +1,140 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36638", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiManager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.2" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.7" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.11" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.11" + }, + { + "version_affected": "<=", + "version_name": "6.0.0", + "version_value": "6.0.12" + } + ] + } + }, + { + "product_name": "FortiAnalyzer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.2" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.7" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.11" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.11" + }, + { + "version_affected": "<=", + "version_name": "6.0.0", + "version_value": "6.0.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-22-522", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-22-522" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiManager version 7.4.0 or above Please upgrade to FortiManager version 7.2.3 or above Please upgrade to FortiManager version 7.0.8 or above Please upgrade to FortiManager version 6.4.12 or above Please upgrade to FortiAnalyzer version 7.4.0 or above Please upgrade to FortiAnalyzer version 7.2.3 or above Please upgrade to 
FortiAnalyzer version 7.0.8 or above Please upgrade to FortiAnalyzer version 6.4.12 or above " + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36642.json b/2023/36xxx/CVE-2023-36642.json index fb7fff15b05..8c0c3e1de75 100644 --- a/2023/36xxx/CVE-2023-36642.json +++ b/2023/36xxx/CVE-2023-36642.json 
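Review bot: The `solution` text gives no remediation for the 6.2 and 6.0 branches, although `version_data` marks 6.2.0 to 6.2.11 and 6.0.0 to 6.0.12 as affected for both FortiManager and FortiAnalyzer. Upgrade targets are listed only for 7.4, 7.2, 7.0 and 6.4. If those older branches will not receive a fix, the record should say so explicitly, for example with a sentence stating that 6.2 and 6.0 users must migrate to a fixed release. Otherwise the omission reads as if nothing needs to be done there.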
@@ -1,17 +1,155 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36642", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper neutralization of special elements used in an OS command vulnerability [CWE-78]\u00a0in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiTester", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.3" + }, + { + "version_affected": "<=", + "version_name": "7.1.0", + "version_value": "7.1.1" + }, + { + "version_affected": "=", + "version_value": "7.0.0" + }, + { + "version_affected": "<=", + "version_name": "4.2.0", + "version_value": "4.2.1" + }, + { + "version_affected": "<=", + "version_name": "4.1.0", + "version_value": "4.1.1" + }, + { + "version_affected": "=", + "version_value": "4.0.0" + }, + { + "version_affected": "<=", + "version_name": "3.9.0", + "version_value": "3.9.2" + }, + { + "version_affected": "=", + "version_value": "3.8.0" + }, + { + "version_affected": "<=", + "version_name": "3.7.0", + "version_value": "3.7.1" + }, + { + 
"version_affected": "=", + "version_value": "3.6.0" + }, + { + "version_affected": "<=", + "version_name": "3.5.0", + "version_value": "3.5.1" + }, + { + "version_affected": "=", + "version_value": "3.4.0" + }, + { + "version_affected": "<=", + "version_name": "3.3.0", + "version_value": "3.3.1" + }, + { + "version_affected": "=", + "version_value": "3.2.0" + }, + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-22-501", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-22-501" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiTester version 7.3.0 or above " + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C" } ] } diff --git a/2023/40xxx/CVE-2023-40715.json b/2023/40xxx/CVE-2023-40715.json index 5e402258372..84129cdb2b2 100644 --- a/2023/40xxx/CVE-2023-40715.json +++ b/2023/40xxx/CVE-2023-40715.json 
@@ -1,17 +1,184 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-40715",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cleartext storage of sensitive information vulnerability [CWE-312] in\u00a0FortiTester\u00a02.3.0 through 7.2.3 may allow\u00a0an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure",
+ "cweId": "CWE-312"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FortiTester",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "7.2.0",
+ "version_value": "7.2.3"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "7.1.0",
+ "version_value": "7.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.0.0"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "4.2.0",
+ "version_value": "4.2.1"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "4.1.0",
+ "version_value": "4.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.0.0"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "3.9.0",
+ "version_value": "3.9.2"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.8.0"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "3.7.0",
+ "version_value": "3.7.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.6.0"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "3.5.0",
+ "version_value": "3.5.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.4.0"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "3.3.0",
+ "version_value": "3.3.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.2.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2.9.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2.8.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2.7.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2.6.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2.5.0"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "2.4.0",
+ "version_value": "2.4.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-22-465",
+ "refsource": "MISC",
+ "name": "https://fortiguard.com/psirt/FG-IR-22-465"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "value": "Please upgrade to FortiTester version 7.3.0 or above "
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.2,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C"
 }
 ]
 }
diff --git a/2023/40xxx/CVE-2023-40717.json b/2023/40xxx/CVE-2023-40717.json
index c56f9d20c21..dad4979e1e4 100644
--- a/2023/40xxx/CVE-2023-40717.json
+++ b/2023/40xxx/CVE-2023-40717.json
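Review bot: `baseScore` in the CVE-2023-40715 record is 5.2, but the base metrics in its own vector (`AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N`) work out to 5.5 under CVSS 3.1; 5.2 is what results after the temporal `E:P` metric is applied, so the field appears to hold the temporal score. Consumers that rank or gate on `baseScore` will under-rate the record, and ones that recompute from `vectorString` will disagree with it. The same pattern shows in the CVE-2023-36642 hunk (6.5 stored, 6.7 base with `E:F`) and the CVE-2023-40717 hunk (5 stored, 5.3 base with `E:P`). Suggest `"baseScore": 5.5` here, with the temporal value carried separately if the format allows it.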
@@ -1,17 +1,184 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-40717",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A use of hard-coded credentials vulnerability [CWE-798] in\u00a0FortiTester\u00a02.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper access control",
+ "cweId": "CWE-798"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FortiTester",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "7.2.0",
+ "version_value": "7.2.3"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "7.1.0",
+ "version_value": "7.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.0.0"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "4.2.0",
+ "version_value": "4.2.1"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "4.1.0",
+ "version_value": "4.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.0.0"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "3.9.0",
+ "version_value": "3.9.2"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.8.0"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "3.7.0",
+ "version_value": "3.7.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.6.0"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "3.5.0",
+ "version_value": "3.5.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.4.0"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "3.3.0",
+ "version_value": "3.3.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.2.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2.9.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2.8.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2.7.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2.6.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2.5.0"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "2.4.0",
+ "version_value": "2.4.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-22-245",
+ "refsource": "MISC",
+ "name": "https://fortiguard.com/psirt/FG-IR-22-245"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "value": "Please upgrade to FortiTester version 7.3.0 or above "
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4933.json b/2023/4xxx/CVE-2023-4933.json
new file mode 100644
index 00000000000..4796876537f
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4933.json
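Review bot: The `vectorString` for CVE-2023-40717 ends in `RL:U` (remediation level Unavailable), yet the `solution` block added in the same hunk tells users to upgrade to FortiTester 7.3.0 or above, so the record contradicts itself on whether a fix exists. If that upgrade is the vendor fix, the metric would be `RL:O`; the other two FortiTester records in this commit leave it as `RL:X`. Patch-prioritisation tooling that reads the remediation level could treat this as unfixable and route it to compensating controls instead of an upgrade. The `problemtype` text `Improper access control` is also a loose label next to `CWE-798`, which the description correctly names as hard-coded credentials.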
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4933",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4934.json b/2023/4xxx/CVE-2023-4934.json
new file mode 100644
index 00000000000..7f53f1d7cce
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4934.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4934",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file