Auto-merge PR#1304

2025-08-04 08:44:25 +00:00 · 2021-04-12 10:25:30 -04:00 · 2021-04-12 10:25:30 -04:00 · 9a47fa3d2d
commit 9a47fa3d2d
parent 7e36c9c039 654a9f2056
1 changed files with 83 additions and 0 deletions
--- a/2019/17xxx/CVE-2019-17656.json
+++ b/2019/17xxx/CVE-2019-17656.json
@ -0,0 +1,83 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-17656",
+        "ASSIGNER": "psirt@fortinet.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Fortinet",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Fortinet FortiProxy, FortiOS",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below; FortiOS 6.0.10 and below,  6.2.2 and below"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "Low",
+            "attackVector": "Network",
+            "availabilityImpact": "Low",
+            "baseScore": 5.3,
+            "baseSeverity": "Medium",
+            "confidentialityImpact": "None",
+            "integrityImpact": "Low",
+            "privilegesRequired": "Low",
+            "scope": "Unchanged",
+            "userInteraction": "None",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Crash of the HTTPD service"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "name": "https://fortiguard.com/advisory/FG-IR-19-248",
+                "url": "https://fortiguard.com/advisory/FG-IR-19-248"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://fortiguard.com/advisory/FG-IR-21-007",
+                "url": "https://fortiguard.com/advisory/FG-IR-21-007"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below,  6.2.2 and below and  FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution."
+            }
+        ]
+    }
+}