mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
161 lines
5.9 KiB
JSON
161 lines
5.9 KiB
JSON
{
|
|
"id": "CVE-2024-21762",
|
|
"sourceIdentifier": "psirt@fortinet.com",
|
|
"published": "2024-02-09T09:15:08.087",
|
|
"lastModified": "2024-02-13T18:21:14.607",
|
|
"vulnStatus": "Analyzed",
|
|
"cisaExploitAdd": "2024-02-09",
|
|
"cisaActionDue": "2024-02-16",
|
|
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
|
|
"cisaVulnerabilityName": "Fortinet FortiOS Out-of-Bound Write Vulnerability",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests"
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una escritura fuera de los l\u00edmites en Fortinet FortiOS versiones 7.4.0 a 7.4.2, 7.2.0 a 7.2.6, 7.0.0 a 7.0.13, 6.4.0 a 6.4.14, 6.2.0 a 6.2.15 , 6.0.0 a 6.0.17, y versiones de FortiProxy 7.4.0 a 7.4.2, 7.2.0 a 7.2.8, 7.0.0 a 7.0.14, 2.0.0 a 2.0.13, 1.2.0 a 1.2.13 , 1.1.0 a 1.1.6, 1.0.0 a 1.0.7. Permite al atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de solicitudes espec\u00edficamente manipuladas"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
},
|
|
{
|
|
"source": "psirt@fortinet.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "psirt@fortinet.com",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-787"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "1.0.0",
|
|
"versionEndExcluding": "2.0.14",
|
|
"matchCriteriaId": "614BFD88-3C7A-4F6F-BD26-F53E4BC464D7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "7.0.0",
|
|
"versionEndExcluding": "7.0.15",
|
|
"matchCriteriaId": "72ED8947-DBF3-483B-B267-117403A3D8E3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "7.2.0",
|
|
"versionEndExcluding": "7.2.9",
|
|
"matchCriteriaId": "DF62C95E-AB35-4A8E-84F8-5197E9D33C21"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "7.4.0",
|
|
"versionEndExcluding": "7.4.3",
|
|
"matchCriteriaId": "4A077234-F19C-4E87-A7A5-A266B5C903C7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.0.0",
|
|
"versionEndExcluding": "6.2.16",
|
|
"matchCriteriaId": "E9BCDC86-176E-401A-B188-F77E22BCFC2D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.4.0",
|
|
"versionEndExcluding": "6.4.15",
|
|
"matchCriteriaId": "4E29353F-8791-4117-BA7A-E32FAB8348A4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "7.0.0",
|
|
"versionEndExcluding": "7.0.14",
|
|
"matchCriteriaId": "C119229A-3805-47C1-B3F9-AF1A4007A63B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "7.2.0",
|
|
"versionEndExcluding": "7.2.7",
|
|
"matchCriteriaId": "553C4BA9-953B-4017-8498-785BDA7A3006"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "7.4.0",
|
|
"versionEndExcluding": "7.4.3",
|
|
"matchCriteriaId": "757A5257-6103-4DC5-B79F-727E4279614A"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://fortiguard.com/psirt/FG-IR-24-015",
|
|
"source": "psirt@fortinet.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |