Lucene search

FortinetCVE-2017-3129

HistoryMay 27, 2017 - 12:29 a.m.

CVE-2017-3129

2017-05-2700:29:01

CWE-79

fortinet

web.nvd.nist.gov

fortinet

fortiweb

cve-2017-3129

cross-site scripting

security vulnerability

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

32.7%

JSON

A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature.

Affected configurations

Nvd

Node

fortinetfortiwebRange≤5.7.1

VendorProductVersionCPE
fortinetfortiweb*cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortiweb	*	cpe:2.3:a:fortinet:fortiweb::::::::

CNA Affected

[
  {
    "product": "Fortinet FortiWeb",
    "vendor": "Fortinet, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "FortiWeb versions 5.7.1 and below"
      }
    ]
  }
]

References

www.securityfocus.com/bid/98382

fortiguard.com/psirt/FG-IR-17-076

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

32.7%

JSON

Related for CVE-2017-3129