{"id": "FG-IR-15-003", "vendorId": null, "type": "fortinet", "bulletinFamily": "software", "title": "FortiAuthenticator multiple vulnerabilities", "description": "[  ](<https://www.fortinet.com>)\n", "published": "2015-02-05T00:00:00", "modified": "2015-02-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.fortiguard.com/psirt/FG-IR-15-003", "reporter": "FortiGuard Labs", "references": [], "cvelist": ["CVE-2015-1455", "CVE-2015-1456", "CVE-2015-1457", "CVE-2015-1458", "CVE-2015-1459"], "immutableFields": [], "lastseen": "2022-06-24T14:11:04", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-1455", "CVE-2015-1456", "CVE-2015-1457", "CVE-2015-1458", "CVE-2015-1459"]}, {"type": "kaspersky", "idList": ["KLA10494"]}, {"type": "nessus", "idList": ["FORTIAUTHENTICATOR_CVE_2015_1459.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105228"]}], "rev": 4}, "score": {"value": 5.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2015-1455", "CVE-2015-1456", "CVE-2015-1457", "CVE-2015-1458", "CVE-2015-1459"]}, {"type": "kaspersky", "idList": ["KLA10494"]}, {"type": "nessus", "idList": ["FORTIAUTHENTICATOR_CVE_2015_1459.NASL"]}, {"type": "threatpost", "idList": ["THREATPOST:8126186F4F00A899AE821FA964FD1D17"]}]}, "exploitation": null, "vulnersScore": 5.8}, "_state": {"dependencies": 0}, "_internal": {}, "affectedSoftware": []}
{"openvas": [{"lastseen": "2019-05-29T18:36:21", "description": "Fortinet FortiAuthenticator Appliance is prone to the following\nmultiple security vulnerabilities:\n\n1. A cross-site scripting vulnerability\n2. A command-execution vulnerability\n3. Multiple information-disclosure vulnerabilities", "cvss3": {}, "published": "2015-03-02T00:00:00", "type": "openvas", "title": "Fortinet FortiAuthenticator Appliance Multiple Security Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1456", "CVE-2015-1455", "CVE-2015-1459", "CVE-2015-1458", "CVE-2015-1457"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310105228", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105228", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fortinet_FortiAuthenticator_72378.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Fortinet FortiAuthenticator Appliance Multiple Security Vulnerabilities\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:fortinet:fortiauthenticator\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105228\");\n script_bugtraq_id(72378);\n script_cve_id(\"CVE-2015-1456\", \"CVE-2015-1455\", \"CVE-2015-1457\", \"CVE-2015-1459\", \"CVE-2015-1458\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 12106 $\");\n\n script_name(\"Fortinet FortiAuthenticator Appliance Multiple Security Vulnerabilities\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/72378\");\n script_xref(name:\"URL\", value:\"https://fortiguard.com/psirt/FG-IR-15-003\");\n\n script_tag(name:\"affected\", value:\"FortiAuthenticator lower than 3.2.1\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to FortiAuthenticator 3.2.1 or higher.\");\n script_tag(name:\"summary\", value:\"Fortinet FortiAuthenticator Appliance is prone to the following\nmultiple security vulnerabilities:\n\n1. A cross-site scripting vulnerability\n2. A command-execution vulnerability\n3. 
Multiple information-disclosure vulnerabilities\");\n\n script_tag(name:\"impact\", value:\"An attacker can exploit these issues to execute arbitrary script code\nin the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication\ncredentials, execute arbitrary commands and gain access to potentially sensitive information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-02 10:40:16 +0100 (Mon, 02 Mar 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"FortiOS Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_forti_authenticator_version.nasl\");\n script_mandatory_keys(\"fortiauthenticator/version\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"host_details.inc\");\n\ninclude(\"version_func.inc\");\n\nvers = get_app_version( cpe:CPE );\nif( ! vers )\n vers = get_kb_item(\"fortiauthenticator/version\");\n\nif( ! vers ) exit( 0 );\n\nif( version_is_less( version: vers, test_version: \"3.2.1\" ) )\n{\n report = 'Installed Version: ' + vers + '\\nFixed Version: 3.2.1\\n';\n security_message( port:0, data:report );\n exit (0 );\n}\n\nexit( 99 );\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:46:51", "description": "The remote Fortinet FortiAuthenticator appliance is affected by a cross-site scripting vulnerability due to improper validation of input to the 'operation' parameter of the SCEP service.\n\nAppliances affected by this issue are likely affected by multiple other issues that; however, Nessus did not test for these. 
See the linked advisory for further details.", "cvss3": {"score": null, "vector": null}, "published": "2015-02-16T00:00:00", "type": "nessus", "title": "Fortinet FortiAuthenticator 'operation' Parameter XSS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1455", "CVE-2015-1456", "CVE-2015-1457", "CVE-2015-1458", "CVE-2015-1459"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:fortinet:fortiauthenticator"], "id": "FORTIAUTHENTICATOR_CVE_2015_1459.NASL", "href": "https://www.tenable.com/plugins/nessus/81383", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81383);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2015-1455\",\n \"CVE-2015-1456\",\n \"CVE-2015-1457\",\n \"CVE-2015-1458\",\n \"CVE-2015-1459\"\n );\n script_bugtraq_id(72378);\n\n script_name(english:\"Fortinet FortiAuthenticator 'operation' Parameter XSS\");\n script_summary(english:\"Checks for cross-site scripting vulnerability.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a cross-site scripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fortinet FortiAuthenticator appliance is affected by a\ncross-site scripting vulnerability due to improper validation of input\nto the 'operation' parameter of the SCEP service.\n\nAppliances affected by this issue are likely affected by multiple\nother issues that; however, Nessus did not test for these. 
See the\nlinked advisory for further details.\");\n # http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?78acca25\");\n script_set_attribute(attribute:\"solution\", value:\n\"The vendor has yet to release a patch. As a workaround, restrict\naccess to the appliance.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-1455\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:fortinet:fortiauthenticator\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"fortiauthenticator_webapp_detect.nbin\");\n script_require_keys(\"installed_sw/Fortinet FortiAuthenticator\");\n script_require_ports(\"Services/www\", 443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Fortinet FortiAuthenticator\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:443);\n\ninstall = get_single_install(\n app_name : app,\n port : port\n);\n\nexp_req = '/cert/scep/?operation=%22%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E';\n\nres = http_send_recv3(port : port,\n method : 'GET',\n item : exp_req,\n exit_on_fail : TRUE);\n\nif('500' >< res[0] &&\n res[2] =~ \"^Unknown\\s*operation\\s*:\" &&\n \"<script>alert('xss')</script>\" >< res[2])\n{\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n if(report_verbosity > 0)\n {\n report = '\\nNessus was able to demonstrate the vulnerability with the following request :\\n';\n report += '\\n ' + build_url(port:port, qs:exp_req) + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, \"Fortinet FortiAuthenticator\", build_url(port:port, qs:\"/\"));\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2021-08-18T11:26:28", "description": "### *Detect date*:\n02/04/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Fortinet FortiAuthenticator. 
Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, inject code and read arbitrary files.\n\n### *Affected products*:\nFortinet FortiAuthenticator versions earlier than 3.2.1\n\n### *Solution*:\nUpdate to latest version!\n\n### *Original advisories*:\n[Fortinet bulletin](<http://www.fortiguard.com/advisory/FG-IR-15-003/>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Fortinet FortiAuthenticator](<https://threats.kaspersky.com/en/product/Fortinet-FortiAuthenticator/>)\n\n### *CVE-IDS*:\n[CVE-2015-1457](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1457>)4.9Warning \n[CVE-2015-1458](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1458>)6.9High \n[CVE-2015-1459](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1459>)4.3Warning \n[CVE-2015-1455](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1455>)7.5Critical \n[CVE-2015-1456](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1456>)4.0Warning", "cvss3": {}, "published": "2015-02-04T00:00:00", "type": "kaspersky", "title": "KLA10494 Multiple vulnerabilities in Fortinet FortiAuthenticator", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1455", "CVE-2015-1456", "CVE-2015-1457", "CVE-2015-1458", "CVE-2015-1459"], "modified": "2020-06-03T00:00:00", "id": "KLA10494", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10494/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T11:57:02", 
"description": "Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/.", "cvss3": {}, "published": "2015-02-03T16:59:00", "type": "cve", "title": "CVE-2015-1456", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1456"], "modified": "2015-02-19T18:59:00", "cpe": ["cpe:/a:fortinet:fortiauthenticator:3.0.0"], "id": "CVE-2015-1456", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1456", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:fortinet:fortiauthenticator:3.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:57:02", "description": "Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors.", "cvss3": {}, "published": "2015-02-03T16:59:00", "type": "cve", "title": "CVE-2015-1455", "cwe": ["CWE-255"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1455"], "modified": "2015-02-19T18:59:00", "cpe": ["cpe:/a:fortinet:fortiauthenticator:3.0.0"], "id": "CVE-2015-1455", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1455", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:fortinet:fortiauthenticator:3.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:57:07", "description": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/.", "cvss3": {}, "published": "2015-02-03T16:59:00", "type": "cve", "title": "CVE-2015-1459", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1459"], "modified": "2017-09-08T01:29:00", "cpe": ["cpe:/a:fortinet:fortiauthenticator:3.0.0"], "id": "CVE-2015-1459", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1459", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:fortinet:fortiauthenticator:3.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:57:05", "description": "Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command.", "cvss3": {}, "published": "2015-02-03T16:59:00", "type": "cve", "title": "CVE-2015-1457", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1457"], "modified": "2017-09-08T01:29:00", "cpe": ["cpe:/a:fortinet:fortiauthenticator:3.0.0"], "id": "CVE-2015-1457", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1457", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:a:fortinet:fortiauthenticator:3.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:57:05", "description": "Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the \"shell\" command.", "cvss3": {}, "published": "2015-02-03T16:59:00", "type": "cve", "title": "CVE-2015-1458", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1458"], "modified": "2017-09-08T01:29:00", "cpe": ["cpe:/a:fortinet:fortiauthenticator:3.0.0"], "id": "CVE-2015-1458", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1458", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:fortinet:fortiauthenticator:3.0.0:*:*:*:*:*:*:*"]}]}