From dca350719aab6b9ff7449b1ae48784824e152c8f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 13 Aug 2024 16:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2022/27xxx/CVE-2022-27486.json | 148 ++++++++++++++++++++++++++++++++-
2022/45xxx/CVE-2022-45862.json | 148 ++++++++++++++++++++++++++++++++-
2023/26xxx/CVE-2023-26211.json | 99 +++++++++++++++++++++-
2023/31xxx/CVE-2023-31315.json | 4 +-
2024/21xxx/CVE-2024-21757.json | 111 ++++++++++++++++++++++++-
2024/36xxx/CVE-2024-36505.json | 94 ++++++++++++++++++++-
2024/7xxx/CVE-2024-7746.json | 80 ++++++++++++++++++
2024/7xxx/CVE-2024-7747.json | 18 ++++
8 files changed, 680 insertions(+), 22 deletions(-)
create mode 100644 2024/7xxx/CVE-2024-7746.json
create mode 100644 2024/7xxx/CVE-2024-7747.json
diff --git a/2022/27xxx/CVE-2022-27486.json b/2022/27xxx/CVE-2022-27486.json
index 965911d1d41..043676284ef 100644
--- a/2022/27xxx/CVE-2022-27486.json
+++ b/2022/27xxx/CVE-2022-27486.json
@@ -1,17 +1,157 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-27486", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 allows an authenticated attacker to execute shell code as `root`\u00a0via `execute` CLI commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiDDoS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.7.0" + }, + { + "version_affected": "<=", + "version_name": "5.5.0", + "version_value": "5.5.1" + }, + { + "version_affected": "<=", + "version_name": "5.4.0", + "version_value": "5.4.2" + }, + { + "version_affected": "<=", + "version_name": "5.3.0", + "version_value": "5.3.2" + }, + { + "version_affected": "=", + "version_value": "5.2.0" + }, + { + "version_affected": "=", + "version_value": "5.1.0" + }, + { + "version_affected": "=", + "version_value": "5.0.0" + }, + { + "version_affected": "=", + "version_value": "4.7.0" + }, + { + "version_affected": "=", + "version_value": 
"4.6.0" + }, + { + "version_affected": "=", + "version_value": "4.5.0" + } + ] + } + }, + { + "product_name": "FortiDDoS-F", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.5.0" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.1" + }, + { + "version_affected": "<=", + "version_name": "6.3.0", + "version_value": "6.3.4" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.2" + }, + { + "version_affected": "<=", + "version_name": "6.1.0", + "version_value": "6.1.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-22-047", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-22-047" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiDDoS version 5.7.1 or above \nPlease upgrade to FortiDDoS version 5.6.2 or above \nPlease upgrade to FortiDDoS version 5.5.2 or above \nPlease upgrade to FortiDDoS version 5.4.3 or above \nPlease upgrade to FortiDDoS-F version 6.5.1 or above \nPlease upgrade to FortiDDoS-F version 6.4.2 or above" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C" } ] } diff --git a/2022/45xxx/CVE-2022-45862.json b/2022/45xxx/CVE-2022-45862.json index 8be35472fc7..d03bbbcd107 100644 --- a/2022/45xxx/CVE-2022-45862.json +++ b/2022/45xxx/CVE-2022-45862.json 
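Review bot: In the CVE-2022-27486 record the affected ranges in the `description` text and in `version_data` disagree, so exposure matching gives different answers depending on which one a tool reads: the prose stops at FortiDDoS 5.5.1 / 5.3.1 and FortiDDoS-F 6.3.1 / 6.1.4, while `version_data` also lists 5.7.0, 5.3.2, 6.5.0, 6.4.0 through 6.4.1, 6.3.4 and 6.1.5. The `solution` text names a fix in 5.6.2, yet the 5.6 branch appears in neither the prose nor `version_data`. The `problemtype` label `"value": "Improper access control"` does not describe `"cweId": "CWE-78"`; the CWE name would be `"value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"`. `"baseScore": 5.9` appears to be the temporal score, since the base metrics of the vector alone work out to 6.6 and `E:P/RL:O` brings that down to 5.9; the same pattern shows in the CVE-2022-45862, CVE-2023-26211, CVE-2024-21757 and CVE-2024-36505 hunks, so tooling that thresholds on `baseScore` should recompute it from `vectorString`.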
@@ -1,17 +1,157 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-45862", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control", + "cweId": "CWE-613" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiPAM", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.3.0" + }, + { + "version_affected": "=", + "version_value": "1.2.0" + }, + { + "version_affected": "<=", + "version_name": "1.1.0", + "version_value": "1.1.2" + }, + { + "version_affected": "<=", + "version_name": "1.0.0", + "version_value": "1.0.3" + } + ] + } + }, + { + "product_name": "FortiProxy", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.11" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.18" + } + ] + } + }, + { + "product_name": "FortiOS", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.5" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.7" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.11" + } + ] + } + }, + { + "product_name": "FortiSwitchManager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.1" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-22-445", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-22-445" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiOS version 7.4.0 or above \nPlease upgrade to FortiOS version 7.2.6 or above \nPlease upgrade to FortiPAM version 1.4.0 or above \nPlease 
upgrade to FortiProxy version 7.4.0 or above \nPlease upgrade to FortiSwitchManager version 7.2.2 or above" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C" } ] } diff --git a/2023/26xxx/CVE-2023-26211.json b/2023/26xxx/CVE-2023-26211.json index b8732236acf..c86a8bbefa3 100644 --- a/2023/26xxx/CVE-2023-26211.json +++ b/2023/26xxx/CVE-2023-26211.json 
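Review bot: In the CVE-2022-45862 record, branches that the `description` calls "all versions" are stored in `version_data` as closed ranges or single versions (FortiOS 7.0.0 through 7.0.7 and 6.4.0 through 6.4.11, FortiPAM `=` 1.3.0 and `=` 1.2.0), so any later release on those branches falls outside the structured data even though the prose still counts it as affected. The `solution` text offers no fixed release on FortiOS 7.0 or 6.4, which suggests the upper bounds are a snapshot rather than a fix boundary; scanners that rely on `version_data` may under-report here. `"privilegesRequired": "NONE"` sits next to a description that conditions the attack on acquiring "the required credentials", which is worth confirming against the vendor advisory before prioritising. The `problemtype` label `"value": "Improper access control"` would read more accurately as `"value": "Insufficient Session Expiration"` to match `"cweId": "CWE-613"`.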
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-26211", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiSOAR", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.3.0", + "version_value": "7.3.2" + }, + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.2" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.3" + }, + { + "version_affected": "<=", + "version_name": "6.4.3", + "version_value": "6.4.4" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-088", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-088" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiSOAR version 7.5.0 or above \nPlease upgrade to 
FortiSOAR version 7.4.1 or above \nPlease upgrade to FortiSOAR version 7.3.3 or above" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X" } ] } diff --git a/2023/31xxx/CVE-2023-31315.json b/2023/31xxx/CVE-2023-31315.json index 5ba80b117ff..99fa99095e1 100644 --- a/2023/31xxx/CVE-2023-31315.json +++ b/2023/31xxx/CVE-2023-31315.json @@ -738,9 +738,9 @@ "references": { "reference_data": [ { - "url": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html", + "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html", "refsource": "MISC", - "name": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html" + "name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html" } ] }, diff --git a/2024/21xxx/CVE-2024-21757.json b/2024/21xxx/CVE-2024-21757.json index 910d73d211a..33e87076db5 100644 --- a/2024/21xxx/CVE-2024-21757.json +++ b/2024/21xxx/CVE-2024-21757.json 
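Review bot: In the CVE-2023-26211 record the `description` limits the issue to FortiSOAR 7.3.0 through 7.3.2, while `version_data` also marks 7.2.0 through 7.2.2, 7.0.0 through 7.0.3, 6.4.3 through 6.4.4 and 6.4.0 through 6.4.1 as affected. The `solution` text lists a fix in 7.4.1, but no 7.4.x entry exists in `version_data`, so 7.4.0 is unaccounted for in the structured data. The `problemtype` label `"value": "Execute unauthorized code or commands"` states an impact rather than the weakness; for `"cweId": "CWE-79"` the name would be `"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"`.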
@@ -1,17 +1,120 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21757", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of privilege", + "cweId": "CWE-620" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiManager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.4.0", + "version_value": "7.4.1" + }, + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.4" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.10" + } + ] + } + }, + { + "product_name": "FortiAnalyzer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.4.0", + "version_value": "7.4.1" + }, + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.4" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + 
"reference_data": [ + { + "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-467", + "refsource": "MISC", + "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-467" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiManager version 7.4.2 or above \nPlease upgrade to FortiManager version 7.2.5 or above \nPlease upgrade to FortiManager version 7.0.11 or above \nPlease upgrade to FortiAnalyzer version 7.4.2 or above \nPlease upgrade to FortiAnalyzer version 7.2.5 or above \nPlease upgrade to FortiAnalyzer version 7.0.11 or above" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N/E:P/RL:O/RC:C" } ] } diff --git a/2024/36xxx/CVE-2024-36505.json b/2024/36xxx/CVE-2024-36505.json index 5d99addd49e..62f58c60d3a 100644 --- a/2024/36xxx/CVE-2024-36505.json +++ b/2024/36xxx/CVE-2024-36505.json 
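Review bot: In the CVE-2024-21757 record the `description` says only "allows an attacker" and gives no precondition, while the vector records `AV:L` and `PR:L`, so a reader triaging from the prose could take this for a remote, unauthenticated issue. If the vector is right, wording such as `allows a local, low-privileged attacker to modify admin passwords via the device configuration backup` would keep the two consistent. The `problemtype` label `"value": "Escalation of privilege"` is an impact category; the name for `"cweId": "CWE-620"` is `"value": "Unverified Password Change"`.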
@@ -1,17 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-36505", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiOS", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.4.0", + "version_value": "7.4.3" + }, + { + "version_affected": "<=", + "version_name": "7.2.5", + "version_value": "7.2.7" + }, + { + "version_affected": "<=", + "version_name": "7.0.12", + "version_value": "7.0.14" + }, + { + "version_affected": "<=", + "version_name": "6.4.13", + "version_value": "6.4.15" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-012", + "refsource": "MISC", + "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-012" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiOS version 7.4.4 or above \nPlease upgrade to FortiOS 
version 7.2.8 or above \nPlease upgrade to FortiOS version 7.0.15 or above" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:X/RC:R" } ] } diff --git a/2024/7xxx/CVE-2024-7746.json b/2024/7xxx/CVE-2024-7746.json new file mode 100644 index 00000000000..7c4b80ef71e --- /dev/null +++ b/2024/7xxx/CVE-2024-7746.json 
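Review bot: In the CVE-2024-36505 record the `description` covers FortiOS "6.4.x" as a whole, but `version_data` records only 6.4.13 through 6.4.15, leaving the status of 6.4.0 through 6.4.12 ambiguous for anyone matching on the structured ranges. The `solution` text lists fixed releases for 7.4, 7.2 and 7.0 but none for 6.4, so operators on that branch get no remediation target from this record and would need the vendor advisory. The lower bounds 7.2.5 and 7.0.12 do agree between prose and `version_data`, so the gap seems limited to the 6.4 entry.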
@@ -0,0 +1,80 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-7746", + "ASSIGNER": "cve@asrg.io", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse.This issue affects the privileged transactions implemented by the Traccar solution that should otherwise be protected by the authentication mechanism.\u00a0\nThese transactions could have an impact on any sensitive aspect of the platform, including Confidentiality, Integrity and Availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1392: Use of Default Credentials", + "cweId": "CWE-1392" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Traccar", + "product": { + "product_data": [ + { + "product_name": "Server", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "6.2", + "status": "unaffected", + "version": "2.12", + "versionType": "git" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://asrg.io/security-advisories/cve-2024-7746/", + "refsource": "MISC", + "name": "https://asrg.io/security-advisories/cve-2024-7746/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7747.json b/2024/7xxx/CVE-2024-7747.json new file mode 100644 index 00000000000..a2bd49da79a --- /dev/null +++ b/2024/7xxx/CVE-2024-7747.json 
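Review bot: In the CVE-2024-7746 record the only version entry, 2.12 through `"lessThanOrEqual": "6.2"`, carries `"status": "unaffected"` and the block also sets `"defaultStatus": "unaffected"`, so the structured data declares no Traccar Server version affected and contradicts the description. If that range is the vulnerable one, the entry should read `"status": "affected"`. Because `"version_value"` is `"not down converted"`, consumers of the 4.0 format have no other version field to fall back on. The record also carries no `impact` or `solution` block, so severity and the remediation for the default credentials have to come from the referenced advisory.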
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7747", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file