ID
VAR-202003-1221
CVE
CVE-2014-2721
TITLE
plural FortiBalancer Inappropriate default permissions in the product
Trust: 0.8
sources:
JVNDB: JVNDB-2014-008942
DESCRIPTION
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. plural FortiBalancer The product contains a vulnerability related to improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The FortiBalancer Series is an application delivery controller device. FortiBalancer is prone to a security-bypass vulnerability. This may lead to further attacks. FortiBalancer 400, 1000, 2000, and 3000 are vulnerable
Trust: 2.52
sources:
NVD: CVE-2014-2721 //
JVNDB: JVNDB-2014-008942 //
CNVD: CNVD-2014-02231 //
BID: 66626 //
VULMON: CVE-2014-2721
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2014-02231
AFFECTED PRODUCTS
| vendor: | fortinet | model: | fortibalancer 1000 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | fortinet | model: | fortibalancer 2000 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | fortinet | model: | fortibalancer 3000 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | fortinet | model: | fortibalancer 400 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | fortinet | model: | fortibalancer 1000 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | fortinet | model: | fortibalancer 2000 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | fortinet | model: | fortibalancer 3000 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | fortinet | model: | fortibalancer 400 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | fortinet | model: | fortibalancer | scope: | eq | version: | 3000 | Trust: 0.6 |
| vendor: | fortinet | model: | fortibalancer | scope: | eq | version: | 2000 | Trust: 0.6 |
| vendor: | fortinet | model: | fortibalancer | scope: | eq | version: | 1000 | Trust: 0.6 |
| vendor: | fortinet | model: | fortibalancer | scope: | eq | version: | 400 | Trust: 0.6 |
| vendor: | fortinet | model: | fortibalancer | scope: | eq | version: | 4000 | Trust: 0.3 |
| vendor: | fortinet | model: | fortibalancer | scope: | eq | version: | 30000 | Trust: 0.3 |
| vendor: | fortinet | model: | fortibalancer | scope: | eq | version: | 20000 | Trust: 0.3 |
| vendor: | fortinet | model: | fortibalancer | scope: | eq | version: | 10000 | Trust: 0.3 |
sources:
CNVD: CNVD-2014-02231 //
BID: 66626 //
JVNDB: JVNDB-2014-008942 //
NVD: CVE-2014-2721
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2014-02231 //
VULMON: CVE-2014-2721 //
JVNDB: JVNDB-2014-008942 //
CNNVD: CNNVD-201406-535 //
NVD: CVE-2014-2721
PROBLEMTYPE DATA
| problemtype: | CWE-276 | Trust: 1.8 |
sources:
JVNDB: JVNDB-2014-008942 //
NVD: CVE-2014-2721
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201406-535
TYPE
permissions and access control issues
Trust: 0.6
sources:
CNNVD: CNNVD-201406-535
CONFIGURATIONS
sources:
JVNDB: JVNDB-2014-008942
PATCH
| title: | FG-IR-14-010 | url: | https://fortiguard.com/psirt/FG-IR-14-010 | Trust: 0.8 |
| title: | FortiBalancer SSH access security security bypass patch | url: | https://www.cnvd.org.cn/patchInfo/show/44754 | Trust: 0.6 |
| title: | Fortinet FortiBalancer SSH Access Repair measures for security bypass vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112723 | Trust: 0.6 |
sources:
CNVD: CNVD-2014-02231 //
JVNDB: JVNDB-2014-008942 //
CNNVD: CNNVD-201406-535
EXTERNAL IDS
| db: | NVD | id: | CVE-2014-2721 | Trust: 3.4 |
| db: | BID | id: | 66626 | Trust: 0.9 |
| db: | JVNDB | id: | JVNDB-2014-008942 | Trust: 0.8 |
| db: | SECUNIA | id: | 57673 | Trust: 0.6 |
| db: | OSVDB | id: | 105360 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2014-02231 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201406-535 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2014-2721 | Trust: 0.1 |
sources:
CNVD: CNVD-2014-02231 //
VULMON: CVE-2014-2721 //
BID: 66626 //
JVNDB: JVNDB-2014-008942 //
CNNVD: CNNVD-201406-535 //
NVD: CVE-2014-2721
REFERENCES
| url: | https://fortiguard.com/advisory/fg-ir-14-010 | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2014-2721 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2721 | Trust: 0.8 |
| url: | http://secunia.com/advisories/57673/ | Trust: 0.6 |
| url: | http://osvdb.com/show/osvdb/105360 | Trust: 0.6 |
| url: | http://www.fortiguard.com/advisory/fg-ir-14-010/ | Trust: 0.3 |
| url: | http://www.frontierpc.com/networking/server-load-balancers/application-acceleration-appliance/fortinet/fortibalancer/400-application-accelerator-1019799770.html | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/276.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
CNVD: CNVD-2014-02231 //
VULMON: CVE-2014-2721 //
BID: 66626 //
JVNDB: JVNDB-2014-008942 //
CNNVD: CNNVD-201406-535 //
NVD: CVE-2014-2721
CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
BID: 66626
SOURCES
| db: | CNVD | id: | CNVD-2014-02231 |
| db: | VULMON | id: | CVE-2014-2721 |
| db: | BID | id: | 66626 |
| db: | JVNDB | id: | JVNDB-2014-008942 |
| db: | CNNVD | id: | CNNVD-201406-535 |
| db: | NVD | id: | CVE-2014-2721 |
LAST UPDATE DATE
2024-11-23T21:36:02.177000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2014-02231 | date: | 2014-04-11T00:00:00 |
| db: | VULMON | id: | CVE-2014-2721 | date: | 2020-03-23T00:00:00 |
| db: | BID | id: | 66626 | date: | 2014-04-02T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-008942 | date: | 2020-04-06T00:00:00 |
| db: | CNNVD | id: | CNNVD-201406-535 | date: | 2020-03-24T00:00:00 |
| db: | NVD | id: | CVE-2014-2721 | date: | 2024-11-21T02:06:50.137 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2014-02231 | date: | 2014-04-11T00:00:00 |
| db: | VULMON | id: | CVE-2014-2721 | date: | 2020-03-19T00:00:00 |
| db: | BID | id: | 66626 | date: | 2014-04-02T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-008942 | date: | 2020-04-06T00:00:00 |
| db: | CNNVD | id: | CNNVD-201406-535 | date: | 2014-04-02T00:00:00 |
| db: | NVD | id: | CVE-2014-2721 | date: | 2020-03-19T16:15:12.033 |