Lucene search

[email protected]CVE-2015-1451

HistoryFeb 02, 2015 - 4:59 p.m.

CVE-2015-1451

2015-02-0216:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-1451

cross-site scripting

xss

fortinet

fortios 5.0

patch 7

wtp

capwap join request

5.5 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request.

CPENameOperatorVersion
fortinet:fortiosfortinet fortioseq5.0.7

CPE	Name	Operator	Version
fortinet:fortios	fortinet fortios	eq	5.0.7

References

seclists.org/fulldisclosure/2015/Jan/125

secunia.com/advisories/61661

www.fortiguard.com/advisory/FG-IR-15-002/

www.security-assessment.com/files/documents/advisory/Fortinet_FortiOS_Multiple_Vulnerabilities.pdf

www.securityfocus.com/bid/72383

5.5 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.4%

JSON

Related for CVE-2015-1451

cvelist1 prion1 fortinet1