Lucene search

[email protected]CVE-2013-1414

HistoryJul 08, 2013 - 5:55 p.m.

CVE-2013-1414

2013-07-0817:55:02

CWE-352

[email protected]

web.nvd.nist.gov

fortinet

fortios

cross-site request forgery

csrf

vulnerabilities

firewall

remote attackers

authentication

7.2 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0 Low

EPSS

Percentile

0.0%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown.

Affected configurations

NVD

Node

fortinetfortiosRange≤4.3.12

fortinetfortiosMatch4.3.10

fortinetfortiosMatch5.0

fortinetfortiosMatch5.0.1

AND

fortinetfortigate-1000cMatch-

fortinetfortigate-100dMatch-

fortinetfortigate-110cMatch-

fortinetfortigate-1240bMatch-

fortinetfortigate-200bMatch-

fortinetfortigate-20cMatch-

fortinetfortigate-300cMatch-

fortinetfortigate-3040bMatch-

fortinetfortigate-310bMatch-

fortinetfortigate-311bMatch-

fortinetfortigate-3140bMatch-

fortinetfortigate-3240cMatch-

fortinetfortigate-3810aMatch-

fortinetfortigate-3950bMatch-

fortinetfortigate-40cMatch-

fortinetfortigate-5001a-swMatch-

fortinetfortigate-5001bMatch-

fortinetfortigate-5020Match-

fortinetfortigate-5060Match-

fortinetfortigate-50bMatch-

fortinetfortigate-5101cMatch-

fortinetfortigate-5140bMatch-

fortinetfortigate-600cMatch-

fortinetfortigate-60cMatch-

fortinetfortigate-620bMatch-

fortinetfortigate-800cMatch-

fortinetfortigate-80cMatch-

fortinetfortigate-voice-80cMatch-

fortinetfortigaterugged-100cMatch-

CPENameOperatorVersion
fortinet:fortiosfortinet fortiosle4.3.12
fortinet:fortiosfortinet fortioseq4.3.10
fortinet:fortiosfortinet fortioseq5.0
fortinet:fortiosfortinet fortioseq5.0.1
fortinet:fortigate-1000cfortinet fortigate-1000ceq-
fortinet:fortigate-100dfortinet fortigate-100deq-
fortinet:fortigate-110cfortinet fortigate-110ceq-
fortinet:fortigate-1240bfortinet fortigate-1240beq-
fortinet:fortigate-200bfortinet fortigate-200beq-
fortinet:fortigate-20cfortinet fortigate-20ceq-

CPE	Name	Operator	Version
fortinet:fortios	fortinet fortios	le	4.3.12
fortinet:fortios	fortinet fortios	eq	4.3.10
fortinet:fortios	fortinet fortios	eq	5.0
fortinet:fortios	fortinet fortios	eq	5.0.1
fortinet:fortigate-1000c	fortinet fortigate-1000c	eq	-
fortinet:fortigate-100d	fortinet fortigate-100d	eq	-
fortinet:fortigate-110c	fortinet fortigate-110c	eq	-
fortinet:fortigate-1240b	fortinet fortigate-1240b	eq	-
fortinet:fortigate-200b	fortinet fortigate-200b	eq	-
fortinet:fortigate-20c	fortinet fortigate-20c	eq	-