History: Apr 12, 2021 - 2:14 p.m.

CVE-2019-17656

2021-04-12 14:14:42
fortinet
www.cve.org
4
fortinet
httpd
buffer overflow

CVSS3: 5.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score: 6.8
Confidence: High

EPSS: 0.001
Percentile: 50.4%

A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.

CNA Affected

[
  {
    "product": "Fortinet FortiProxy, FortiOS",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below; FortiOS 6.0.10 and below,  6.2.2 and below"
      }
    ]
  }
]
