diff --git a/2023/34xxx/CVE-2023-34990.json b/2023/34xxx/CVE-2023-34990.json
index 8825b944886..3b75cc84adb 100644
--- a/2023/34xxx/CVE-2023-34990.json
+++ b/2023/34xxx/CVE-2023-34990.json
@@ -1,17 +1,93 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-34990",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Execute unauthorized code or commands",
+ "cweId": "CWE-23"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FortiWLM",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "8.6.0",
+ "version_value": "8.6.5"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "8.5.0",
+ "version_value": "8.5.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-23-144",
+ "refsource": "MISC",
+ "name": "https://fortiguard.com/psirt/FG-IR-23-144"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "value": "Please upgrade to FortiWLM version 8.6.6 or above \nPlease upgrade to FortiWLM version 8.5.5 or above"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X"
 }
 ]
 }
diff --git a/2024/48xxx/CVE-2024-48889.json b/2024/48xxx/CVE-2024-48889.json
index 024cda24b8b..282c2fca4e9 100644
--- a/2024/48xxx/CVE-2024-48889.json
+++ b/2024/48xxx/CVE-2024-48889.json
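Review bot: In the CVE-2023-34990 record, `"baseScore": 9.6` does not match the base metrics in its own `vectorString`: `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` scores 9.8 under CVSS 3.1, and 9.6 looks like the temporal score after `E:F` is applied. Tooling that prioritises on `baseScore`, or that recomputes the score from the vector, will disagree with this record; I would set `"baseScore": 9.8` and carry the temporal value separately, or drop the temporal metrics from the vector. The same pattern appears in the CVE-2024-50570 section, where `4.9` also seems to be the `E:F`-adjusted value rather than the base score. The description also never says the attacker is unauthenticated although the vector has `PR:N`; stating that would help triage.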
@@ -1,17 +1,107 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-48889",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below, version 7.2.7 to 7.2.1, version 7.0.12 to 7.0.1 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Execute unauthorized code or commands",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FortiManager",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "7.6.0"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "7.4.0",
+ "version_value": "7.4.4"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "7.2.3",
+ "version_value": "7.2.7"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "7.0.5",
+ "version_value": "7.0.12"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "6.4.10",
+ "version_value": "6.4.14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-425",
+ "refsource": "MISC",
+ "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-425"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "value": "Please upgrade to FortiManager version 7.6.1 or above \nPlease upgrade to FortiManager version 7.4.5 or above \nPlease upgrade to FortiManager version 7.2.8 or above \nPlease upgrade to FortiManager version 7.0.13 or above \nPlease upgrade to FortiManager version 6.4.15 or above \nPlease upgrade to FortiManager Cloud version 7.6.2 or above \nPlease upgrade to FortiManager Cloud version 7.4.5 or above \nPlease upgrade to FortiManager Cloud version 7.2.8 or above \nPlease upgrade to FortiManager Cloud version 7.0.13 or above"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:X"
 }
 ]
 }
diff --git a/2024/50xxx/CVE-2024-50570.json b/2024/50xxx/CVE-2024-50570.json
index b20f5429621..a337fc12727 100644
--- a/2024/50xxx/CVE-2024-50570.json
+++ b/2024/50xxx/CVE-2024-50570.json
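Review bot: In the CVE-2024-48889 record, the structured `affects` data is narrower than the description and `solution` text: both name FortiManager Cloud, but `product_data` holds only a `FortiManager` entry, so consumers that match on product name will not flag Cloud deployments. The lower bounds also differ, since the description says "7.2.7 and below", "7.0.12 and below" and "6.4.14 and below" while the ranges start at `7.2.3`, `7.0.5` and `6.4.10`. I would add a `FortiManager Cloud` product entry and reconcile the `version_name` lower bounds against FG-IR-24-425 before publishing.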
@@ -1,17 +1,141 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-50570",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure",
+ "cweId": "CWE-312"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FortiClientMac",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "7.4.0",
+ "version_value": "7.4.2"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "7.2.0",
+ "version_value": "7.2.7"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "7.0.0",
+ "version_value": "7.0.14"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "FortiClientLinux",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "7.4.0",
+ "version_value": "7.4.2"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "7.2.0",
+ "version_value": "7.2.7"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "7.0.0",
+ "version_value": "7.0.13"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "FortiClientWindows",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "7.4.0"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "7.2.0",
+ "version_value": "7.2.5"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "7.0.0",
+ "version_value": "7.0.13"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-278",
+ "refsource": "MISC",
+ "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-278"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "value": "Please upgrade to FortiClientLinux version 7.4.3 or above \nPlease upgrade to FortiClientLinux version 7.2.8 or above \nPlease upgrade to FortiClientLinux version 7.0.14 or above \nPlease upgrade to FortiClientWindows version 7.4.2 or above \nPlease upgrade to FortiClientWindows version 7.2.7 or above \nPlease upgrade to FortiClientWindows version 7.0.14 or above"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N/E:F/RL:X/RC:X"
 }
 ]
 }
diff --git a/2024/56xxx/CVE-2024-56181.json b/2024/56xxx/CVE-2024-56181.json
new file mode 100644
index 00000000000..3c70e99f090
--- /dev/null
+++ b/2024/56xxx/CVE-2024-56181.json
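Review bot: In the CVE-2024-50570 record, the `affects` block contradicts the description in three places. The description gives FortiClientWindows 7.4.0 through 7.4.1 and 7.2.0 through 7.2.6 (and `solution` fixes at 7.4.2 and 7.2.7), but the structured ranges are `"version_affected": "="` with `7.4.0` and `"version_value": "7.2.5"`, so 7.4.1 and 7.2.6 would be reported as unaffected by anything matching on the structured data. `FortiClientMac` is listed with ranges up to `7.0.14` although neither the description nor `solution` mentions it. I would change the Windows upper bounds to `7.4.1` and `7.2.6` and confirm the Mac entry against FG-IR-23-278.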
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-56181",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/56xxx/CVE-2024-56182.json b/2024/56xxx/CVE-2024-56182.json
new file mode 100644
index 00000000000..cbf78d57239
--- /dev/null
+++ b/2024/56xxx/CVE-2024-56182.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-56182",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file