Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for fortiadc_firmware by fortinet

    CVE-2020-9286 (GCVE-0-2020-9286)

    Vulnerability from nvd – Published: 2020-04-07 18:52 – Updated: 2024-10-25 14:02
    VLAI
    Summary
    An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Access Control
    Assigner
    References
    URL Tags
    https://fortiguard.com/psirt/FG-IR-20-013 x_refsource_MISC
    Impacted products
    Vendor Product Version
    n/a FortiADC Affected: FortiADC 5.3.3 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:26:15.907Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-20-013"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-9286",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T13:59:19.316176Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T14:02:00.972Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FortiADC",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "FortiADC 5.3.3 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-07T18:52:09.000Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://fortiguard.com/psirt/FG-IR-20-013"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@fortinet.com",
              "ID": "CVE-2020-9286",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FortiADC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "FortiADC 5.3.3 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://fortiguard.com/psirt/FG-IR-20-013",
                  "refsource": "MISC",
                  "url": "https://fortiguard.com/psirt/FG-IR-20-013"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2020-9286",
        "datePublished": "2020-04-07T18:52:09.000Z",
        "dateReserved": "2020-02-19T00:00:00.000Z",
        "dateUpdated": "2024-10-25T14:02:00.972Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6647 (GCVE-0-2020-6647)

    Vulnerability from nvd – Published: 2020-04-07 18:41 – Updated: 2024-10-25 14:02
    VLAI
    Summary
    An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Execute unauthorized code or commands
    Assigner
    References
    URL Tags
    https://fortiguard.com/psirt/FG-IR-20-012 x_refsource_MISC
    Impacted products
    Vendor Product Version
    n/a Fortinet FortiADC Affected: FortiADC 5.4.0 and 5.3.x before 5.3.5.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:11:04.653Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-20-012"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-6647",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T13:59:20.957534Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T14:02:12.562Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fortinet FortiADC",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "FortiADC 5.4.0 and 5.3.x before 5.3.5."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-07T18:41:40.000Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://fortiguard.com/psirt/FG-IR-20-012"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@fortinet.com",
              "ID": "CVE-2020-6647",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fortinet FortiADC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "FortiADC 5.4.0 and 5.3.x before 5.3.5."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Execute unauthorized code or commands"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://fortiguard.com/psirt/FG-IR-20-012",
                  "refsource": "MISC",
                  "url": "https://fortiguard.com/psirt/FG-IR-20-012"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2020-6647",
        "datePublished": "2020-04-07T18:41:40.000Z",
        "dateReserved": "2020-01-09T00:00:00.000Z",
        "dateUpdated": "2024-10-25T14:02:12.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-8618 (GCVE-0-2014-8618)

    Vulnerability from nvd – Published: 2015-05-12 19:00 – Updated: 2024-08-06 13:26
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.fortiguard.com/advisory/FG-IR-15-005/ x_refsource_CONFIRM
    http://www.securitytracker.com/id/1032265 vdb-entryx_refsource_SECTRACK
    Date Public
    2015-02-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:26:02.107Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
              },
              {
                "name": "1032265",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1032265"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-02-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-30T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
            },
            {
              "name": "1032265",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1032265"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-8618",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.fortiguard.com/advisory/FG-IR-15-005/",
                  "refsource": "CONFIRM",
                  "url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
                },
                {
                  "name": "1032265",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1032265"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-8618",
        "datePublished": "2015-05-12T19:00:00.000Z",
        "dateReserved": "2014-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:26:02.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-8582 (GCVE-0-2014-8582)

    Vulnerability from nvd – Published: 2014-11-01 23:00 – Updated: 2024-08-06 13:26
    VLAI
    Summary
    FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-10-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:26:00.755Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.fortinet.com/uploaded/files/2164/FortiADC-E-4.0.5-GA-Release-Notes.pdf"
              },
              {
                "name": "fortiadc-unauth-access(98384)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98384"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.fortiguard.com/advisory/FG-IR-14-032/"
              },
              {
                "name": "61866",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61866"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-10-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-07T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.fortinet.com/uploaded/files/2164/FortiADC-E-4.0.5-GA-Release-Notes.pdf"
            },
            {
              "name": "fortiadc-unauth-access(98384)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98384"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.fortiguard.com/advisory/FG-IR-14-032/"
            },
            {
              "name": "61866",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61866"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-8582",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://docs.fortinet.com/uploaded/files/2164/FortiADC-E-4.0.5-GA-Release-Notes.pdf",
                  "refsource": "CONFIRM",
                  "url": "http://docs.fortinet.com/uploaded/files/2164/FortiADC-E-4.0.5-GA-Release-Notes.pdf"
                },
                {
                  "name": "fortiadc-unauth-access(98384)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98384"
                },
                {
                  "name": "http://www.fortiguard.com/advisory/FG-IR-14-032/",
                  "refsource": "CONFIRM",
                  "url": "http://www.fortiguard.com/advisory/FG-IR-14-032/"
                },
                {
                  "name": "61866",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61866"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-8582",
        "datePublished": "2014-11-01T23:00:00.000Z",
        "dateReserved": "2014-11-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:26:00.755Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0331 (GCVE-0-2014-0331)

    Vulnerability from nvd – Published: 2014-04-10 14:00 – Updated: 2024-08-06 09:13
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/667340 third-party-advisoryx_refsource_CERT-VN
    http://www.securitytracker.com/id/1030018 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/66642 vdb-entryx_refsource_BID
    http://seclists.org/fulldisclosure/2014/Apr/53 mailing-listx_refsource_FULLDISC
    http://www.fortiguard.com/advisory/FG-IR-14-004 x_refsource_CONFIRM
    Date Public
    2014-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:13:09.829Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#667340",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/667340"
              },
              {
                "name": "1030018",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1030018"
              },
              {
                "name": "66642",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/66642"
              },
              {
                "name": "20140403 XSS Reflected vulnerabilities in OS of FortiADC v3.2 (CVE-2014-0331)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2014/Apr/53"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.fortiguard.com/advisory/FG-IR-14-004"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-15T17:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#667340",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/667340"
            },
            {
              "name": "1030018",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1030018"
            },
            {
              "name": "66642",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/66642"
            },
            {
              "name": "20140403 XSS Reflected vulnerabilities in OS of FortiADC v3.2 (CVE-2014-0331)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Apr/53"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.fortiguard.com/advisory/FG-IR-14-004"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2014-0331",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#667340",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/667340"
                },
                {
                  "name": "1030018",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1030018"
                },
                {
                  "name": "66642",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/66642"
                },
                {
                  "name": "20140403 XSS Reflected vulnerabilities in OS of FortiADC v3.2 (CVE-2014-0331)",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2014/Apr/53"
                },
                {
                  "name": "http://www.fortiguard.com/advisory/FG-IR-14-004",
                  "refsource": "CONFIRM",
                  "url": "http://www.fortiguard.com/advisory/FG-IR-14-004"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2014-0331",
        "datePublished": "2014-04-10T14:00:00.000Z",
        "dateReserved": "2013-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:13:09.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9286 (GCVE-0-2020-9286)

    Vulnerability from cvelistv5 – Published: 2020-04-07 18:52 – Updated: 2024-10-25 14:02
    VLAI
    Summary
    An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Access Control
    Assigner
    References
    URL Tags
    https://fortiguard.com/psirt/FG-IR-20-013 x_refsource_MISC
    Impacted products
    Vendor Product Version
    n/a FortiADC Affected: FortiADC 5.3.3 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:26:15.907Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-20-013"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-9286",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T13:59:19.316176Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T14:02:00.972Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FortiADC",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "FortiADC 5.3.3 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-07T18:52:09.000Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://fortiguard.com/psirt/FG-IR-20-013"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@fortinet.com",
              "ID": "CVE-2020-9286",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FortiADC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "FortiADC 5.3.3 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://fortiguard.com/psirt/FG-IR-20-013",
                  "refsource": "MISC",
                  "url": "https://fortiguard.com/psirt/FG-IR-20-013"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2020-9286",
        "datePublished": "2020-04-07T18:52:09.000Z",
        "dateReserved": "2020-02-19T00:00:00.000Z",
        "dateUpdated": "2024-10-25T14:02:00.972Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6647 (GCVE-0-2020-6647)

    Vulnerability from cvelistv5 – Published: 2020-04-07 18:41 – Updated: 2024-10-25 14:02
    VLAI
    Summary
    An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Execute unauthorized code or commands
    Assigner
    References
    URL Tags
    https://fortiguard.com/psirt/FG-IR-20-012 x_refsource_MISC
    Impacted products
    Vendor Product Version
    n/a Fortinet FortiADC Affected: FortiADC 5.4.0 and 5.3.x before 5.3.5.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:11:04.653Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-20-012"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-6647",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T13:59:20.957534Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T14:02:12.562Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fortinet FortiADC",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "FortiADC 5.4.0 and 5.3.x before 5.3.5."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-07T18:41:40.000Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://fortiguard.com/psirt/FG-IR-20-012"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@fortinet.com",
              "ID": "CVE-2020-6647",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fortinet FortiADC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "FortiADC 5.4.0 and 5.3.x before 5.3.5."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Execute unauthorized code or commands"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://fortiguard.com/psirt/FG-IR-20-012",
                  "refsource": "MISC",
                  "url": "https://fortiguard.com/psirt/FG-IR-20-012"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2020-6647",
        "datePublished": "2020-04-07T18:41:40.000Z",
        "dateReserved": "2020-01-09T00:00:00.000Z",
        "dateUpdated": "2024-10-25T14:02:12.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-8618 (GCVE-0-2014-8618)

    Vulnerability from cvelistv5 – Published: 2015-05-12 19:00 – Updated: 2024-08-06 13:26
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.fortiguard.com/advisory/FG-IR-15-005/ x_refsource_CONFIRM
    http://www.securitytracker.com/id/1032265 vdb-entryx_refsource_SECTRACK
    Date Public
    2015-02-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:26:02.107Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
              },
              {
                "name": "1032265",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1032265"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-02-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-30T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
            },
            {
              "name": "1032265",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1032265"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-8618",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.fortiguard.com/advisory/FG-IR-15-005/",
                  "refsource": "CONFIRM",
                  "url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
                },
                {
                  "name": "1032265",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1032265"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-8618",
        "datePublished": "2015-05-12T19:00:00.000Z",
        "dateReserved": "2014-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:26:02.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-8582 (GCVE-0-2014-8582)

    Vulnerability from cvelistv5 – Published: 2014-11-01 23:00 – Updated: 2024-08-06 13:26
    VLAI
    Summary
    FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-10-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:26:00.755Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.fortinet.com/uploaded/files/2164/FortiADC-E-4.0.5-GA-Release-Notes.pdf"
              },
              {
                "name": "fortiadc-unauth-access(98384)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98384"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.fortiguard.com/advisory/FG-IR-14-032/"
              },
              {
                "name": "61866",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61866"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-10-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-07T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.fortinet.com/uploaded/files/2164/FortiADC-E-4.0.5-GA-Release-Notes.pdf"
            },
            {
              "name": "fortiadc-unauth-access(98384)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98384"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.fortiguard.com/advisory/FG-IR-14-032/"
            },
            {
              "name": "61866",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61866"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-8582",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://docs.fortinet.com/uploaded/files/2164/FortiADC-E-4.0.5-GA-Release-Notes.pdf",
                  "refsource": "CONFIRM",
                  "url": "http://docs.fortinet.com/uploaded/files/2164/FortiADC-E-4.0.5-GA-Release-Notes.pdf"
                },
                {
                  "name": "fortiadc-unauth-access(98384)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98384"
                },
                {
                  "name": "http://www.fortiguard.com/advisory/FG-IR-14-032/",
                  "refsource": "CONFIRM",
                  "url": "http://www.fortiguard.com/advisory/FG-IR-14-032/"
                },
                {
                  "name": "61866",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61866"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-8582",
        "datePublished": "2014-11-01T23:00:00.000Z",
        "dateReserved": "2014-11-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:26:00.755Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0331 (GCVE-0-2014-0331)

    Vulnerability from cvelistv5 – Published: 2014-04-10 14:00 – Updated: 2024-08-06 09:13
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/667340 third-party-advisoryx_refsource_CERT-VN
    http://www.securitytracker.com/id/1030018 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/66642 vdb-entryx_refsource_BID
    http://seclists.org/fulldisclosure/2014/Apr/53 mailing-listx_refsource_FULLDISC
    http://www.fortiguard.com/advisory/FG-IR-14-004 x_refsource_CONFIRM
    Date Public
    2014-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:13:09.829Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#667340",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/667340"
              },
              {
                "name": "1030018",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1030018"
              },
              {
                "name": "66642",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/66642"
              },
              {
                "name": "20140403 XSS Reflected vulnerabilities in OS of FortiADC v3.2 (CVE-2014-0331)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2014/Apr/53"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.fortiguard.com/advisory/FG-IR-14-004"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-15T17:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#667340",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/667340"
            },
            {
              "name": "1030018",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1030018"
            },
            {
              "name": "66642",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/66642"
            },
            {
              "name": "20140403 XSS Reflected vulnerabilities in OS of FortiADC v3.2 (CVE-2014-0331)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Apr/53"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.fortiguard.com/advisory/FG-IR-14-004"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2014-0331",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#667340",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/667340"
                },
                {
                  "name": "1030018",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1030018"
                },
                {
                  "name": "66642",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/66642"
                },
                {
                  "name": "20140403 XSS Reflected vulnerabilities in OS of FortiADC v3.2 (CVE-2014-0331)",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2014/Apr/53"
                },
                {
                  "name": "http://www.fortiguard.com/advisory/FG-IR-14-004",
                  "refsource": "CONFIRM",
                  "url": "http://www.fortiguard.com/advisory/FG-IR-14-004"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2014-0331",
        "datePublished": "2014-04-10T14:00:00.000Z",
        "dateReserved": "2013-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:13:09.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }