ID

VAR-202003-1223


CVE

CVE-2014-2723


TITLE

Inappropriate default permissions in multiple FortiBalancer products

Trust: 0.8

sources: JVNDB: JVNDB-2014-008944

DESCRIPTION

In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. Multiple FortiBalancer products contain a vulnerability related to improper default permissions. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The FortiBalancer Series is an application delivery controller device. FortiBalancer is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and gain unauthorized access. This may lead to further attacks. FortiBalancer 400, 1000, 2000, and 3000 are vulnerable.

Trust: 2.43

sources: NVD: CVE-2014-2723 // JVNDB: JVNDB-2014-008944 // CNVD: CNVD-2014-02233 // BID: 66637

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-02233

AFFECTED PRODUCTS

vendor: fortinet, model: fortibalancer 1000, scope: eq, version: *

Trust: 1.0

vendor: fortinet, model: fortibalancer 2000, scope: eq, version: *

Trust: 1.0

vendor: fortinet, model: fortibalancer 3000, scope: eq, version: *

Trust: 1.0

vendor: fortinet, model: fortibalancer 400, scope: eq, version: *

Trust: 1.0

vendor: fortinet, model: fortibalancer 1000, scope: -, version: -

Trust: 0.8

vendor: fortinet, model: fortibalancer 2000, scope: -, version: -

Trust: 0.8

vendor: fortinet, model: fortibalancer 3000, scope: -, version: -

Trust: 0.8

vendor: fortinet, model: fortibalancer 400, scope: -, version: -

Trust: 0.8

vendor: fortinet, model: fortibalancer, scope: eq, version: 3000

Trust: 0.6

vendor: fortinet, model: fortibalancer, scope: eq, version: 2000

Trust: 0.6

vendor: fortinet, model: fortibalancer, scope: eq, version: 1000

Trust: 0.6

vendor: fortinet, model: fortibalancer, scope: eq, version: 400

Trust: 0.6

vendor: fortinet, model: fortibalancer, scope: eq, version: 4000

Trust: 0.3

vendor: fortinet, model: fortibalancer, scope: eq, version: 30000

Trust: 0.3

vendor: fortinet, model: fortibalancer, scope: eq, version: 20000

Trust: 0.3

vendor: fortinet, model: fortibalancer, scope: eq, version: 10000

sources: CNVD: CNVD-2014-02233 // BID: 66637 // JVNDB: JVNDB-2014-008944 // NVD: CVE-2014-2723

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2723
value: HIGH

Trust: 1.0

NVD: JVNDB-2014-008944
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-02233
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201406-537
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2014-2723
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2014-008944
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2014-02233
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2014-2723
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2014-008944
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2014-02233 // JVNDB: JVNDB-2014-008944 // CNNVD: CNNVD-201406-537 // NVD: CVE-2014-2723

PROBLEMTYPE DATA

problemtype: CWE-276

Trust: 1.8

sources: JVNDB: JVNDB-2014-008944 // NVD: CVE-2014-2723

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-537

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201406-537

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008944

PATCH

title: FG-IR-14-010
url: https://fortiguard.com/psirt/FG-IR-14-010

Trust: 0.8

title: FortiBalancer SSH Access Security Vulnerability Vulnerability (CNVD-2014-02233)
url: https://www.cnvd.org.cn/patchInfo/show/44759

Trust: 0.6

title: Fortinet FortiBalancer SSH Access Repair measures for security bypass vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112725

Trust: 0.6

sources: CNVD: CNVD-2014-02233 // JVNDB: JVNDB-2014-008944 // CNNVD: CNNVD-201406-537

EXTERNAL IDS

db: NVD, id: CVE-2014-2723

Trust: 3.3

db: BID, id: 66637

Trust: 0.9

db: JVNDB, id: JVNDB-2014-008944

Trust: 0.8

db: OSVDB, id: 105362

Trust: 0.6

db: SECUNIA, id: 57673

Trust: 0.6

db: CNVD, id: CNVD-2014-02233

Trust: 0.6

db: CNNVD, id: CNNVD-201406-537

Trust: 0.6

sources: CNVD: CNVD-2014-02233 // BID: 66637 // JVNDB: JVNDB-2014-008944 // CNNVD: CNNVD-201406-537 // NVD: CVE-2014-2723

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-14-010

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2014-2723

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2723

Trust: 0.8

url:http://secunia.com/advisories/57673/

Trust: 0.6

url:http://osvdb.com/show/osvdb/105362

Trust: 0.6

url:http://www.fortiguard.com/advisory/fg-ir-14-010/

Trust: 0.3

url:http://www.frontierpc.com/networking/server-load-balancers/application-acceleration-appliance/fortinet/fortibalancer/400-application-accelerator-1019799770.html

Trust: 0.3

sources: CNVD: CNVD-2014-02233 // BID: 66637 // JVNDB: JVNDB-2014-008944 // CNNVD: CNNVD-201406-537 // NVD: CVE-2014-2723

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 66637

SOURCES

db: CNVD, id: CNVD-2014-02233
db: BID, id: 66637
db: JVNDB, id: JVNDB-2014-008944
db: CNNVD, id: CNNVD-201406-537
db: NVD, id: CVE-2014-2723

LAST UPDATE DATE

2024-11-23T21:36:02.145000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-02233, date: 2014-04-11T00:00:00
db: BID, id: 66637, date: 2014-04-02T00:00:00
db: JVNDB, id: JVNDB-2014-008944, date: 2020-04-06T00:00:00
db: CNNVD, id: CNNVD-201406-537, date: 2020-03-24T00:00:00
db: NVD, id: CVE-2014-2723, date: 2024-11-21T02:06:50.457

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-02233, date: 2014-04-11T00:00:00
db: BID, id: 66637, date: 2014-04-02T00:00:00
db: JVNDB, id: JVNDB-2014-008944, date: 2020-04-06T00:00:00
db: CNNVD, id: CNNVD-201406-537, date: 2014-04-02T00:00:00
db: NVD, id: CVE-2014-2723, date: 2020-03-19T16:15:12.207