ID

VAR-202003-1589


CVE

CVE-2020-6643


TITLE

Cross-site scripting vulnerability in Fortinet FortiIsolator

Trust: 0.8

sources: JVNDB: JVNDB-2020-002896

DESCRIPTION

An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross-site scripting (XSS) attack. A cross-site scripting vulnerability exists in Fortinet FortiIsolator. Information may be obtained and tampered with. A cross-site scripting vulnerability exists in the URL description of the URL filter in Fortinet FortiIsolator 1.2.2 and earlier versions. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.

Trust: 1.8

sources: NVD: CVE-2020-6643 // JVNDB: JVNDB-2020-002896 // VULHUB: VHN-184768 // VULMON: CVE-2020-6643

AFFECTED PRODUCTS

vendor: fortinet // model: fortiisolator // scope: lte // version: 1.2.2

Trust: 1.0

vendor: fortinet // model: fortiisolator // scope: eq // version: 1.2.2

Trust: 0.8

sources: JVNDB: JVNDB-2020-002896 // NVD: CVE-2020-6643

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6643
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002896
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202003-781
value: MEDIUM

Trust: 0.6

VULHUB: VHN-184768
value: LOW

Trust: 0.1

VULMON: CVE-2020-6643
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-6643
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-002896
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-184768
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-6643
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002896
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-184768 // VULMON: CVE-2020-6643 // JVNDB: JVNDB-2020-002896 // CNNVD: CNNVD-202003-781 // NVD: CVE-2020-6643

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-184768 // JVNDB: JVNDB-2020-002896 // NVD: CVE-2020-6643

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-781

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202003-781

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002896

PATCH

title: FG-IR-19-270 // url: https://fortiguard.com/psirt/FG-IR-19-270

Trust: 0.8

title: Fortinet FortiIsolator Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112508

Trust: 0.6

sources: JVNDB: JVNDB-2020-002896 // CNNVD: CNNVD-202003-781

EXTERNAL IDS

db: NVD // id: CVE-2020-6643

Trust: 2.6

db: JVNDB // id: JVNDB-2020-002896

Trust: 0.8

db: CNNVD // id: CNNVD-202003-781

Trust: 0.7

db: AUSCERT // id: ESB-2020.0907

Trust: 0.6

db: VULHUB // id: VHN-184768

Trust: 0.1

db: VULMON // id: CVE-2020-6643

Trust: 0.1

sources: VULHUB: VHN-184768 // VULMON: CVE-2020-6643 // JVNDB: JVNDB-2020-002896 // CNNVD: CNNVD-202003-781 // NVD: CVE-2020-6643

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-19-270

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-6643

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6643

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0907/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-184768 // VULMON: CVE-2020-6643 // JVNDB: JVNDB-2020-002896 // CNNVD: CNNVD-202003-781 // NVD: CVE-2020-6643

SOURCES

db: VULHUB // id: VHN-184768
db: VULMON // id: CVE-2020-6643
db: JVNDB // id: JVNDB-2020-002896
db: CNNVD // id: CNNVD-202003-781
db: NVD // id: CVE-2020-6643

LAST UPDATE DATE

2024-11-23T22:58:19.950000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-184768 // date: 2020-03-17T00:00:00
db: VULMON // id: CVE-2020-6643 // date: 2020-03-17T00:00:00
db: JVNDB // id: JVNDB-2020-002896 // date: 2020-03-27T00:00:00
db: CNNVD // id: CNNVD-202003-781 // date: 2021-01-05T00:00:00
db: NVD // id: CVE-2020-6643 // date: 2024-11-21T05:36:05.087

SOURCES RELEASE DATE

db: VULHUB // id: VHN-184768 // date: 2020-03-12T00:00:00
db: VULMON // id: CVE-2020-6643 // date: 2020-03-12T00:00:00
db: JVNDB // id: JVNDB-2020-002896 // date: 2020-03-27T00:00:00
db: CNNVD // id: CNNVD-202003-781 // date: 2020-03-12T00:00:00
db: NVD // id: CVE-2020-6643 // date: 2020-03-12T22:15:15.780