Lucene search

MitreCVE-2014-2722

HistoryMar 19, 2020 - 4:15 p.m.

CVE-2014-2722

2020-03-1916:15:12

CWE-276

mitre

web.nvd.nist.gov

fortibalancer

cve-2014-2722

ssh

access vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.002

Percentile

59.9%

JSON

In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.

Affected configurations

Nvd

Node

fortinetfortibalancer_400_firmware

AND

fortinetfortibalancer_400Match-

Node

fortinetfortibalancer_1000_firmware

AND

fortinetfortibalancer_1000Match-

Node

fortinetfortibalancer_2000_firmware

AND

fortinetfortibalancer_2000Match-

Node

fortinetfortibalancer_3000_firmware

AND

fortinetfortibalancer_3000Match-

VendorProductVersionCPE
fortinetfortibalancer_400_firmware*cpe:2.3:o:fortinet:fortibalancer_400_firmware:*:*:*:*:*:*:*:*
fortinetfortibalancer_400-cpe:2.3:h:fortinet:fortibalancer_400:-:*:*:*:*:*:*:*
fortinetfortibalancer_1000_firmware*cpe:2.3:o:fortinet:fortibalancer_1000_firmware:*:*:*:*:*:*:*:*
fortinetfortibalancer_1000-cpe:2.3:h:fortinet:fortibalancer_1000:-:*:*:*:*:*:*:*
fortinetfortibalancer_2000_firmware*cpe:2.3:o:fortinet:fortibalancer_2000_firmware:*:*:*:*:*:*:*:*
fortinetfortibalancer_2000-cpe:2.3:h:fortinet:fortibalancer_2000:-:*:*:*:*:*:*:*
fortinetfortibalancer_3000_firmware*cpe:2.3:o:fortinet:fortibalancer_3000_firmware:*:*:*:*:*:*:*:*
fortinetfortibalancer_3000-cpe:2.3:h:fortinet:fortibalancer_3000:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortibalancer_400_firmware	*	cpe:2.3:o:fortinet:fortibalancer_400_firmware::::::::
fortinet	fortibalancer_400	-	cpe:2.3:h:fortinet:fortibalancer_400:-:::::::*
fortinet	fortibalancer_1000_firmware	*	cpe:2.3:o:fortinet:fortibalancer_1000_firmware::::::::
fortinet	fortibalancer_1000	-	cpe:2.3:h:fortinet:fortibalancer_1000:-:::::::*
fortinet	fortibalancer_2000_firmware	*	cpe:2.3:o:fortinet:fortibalancer_2000_firmware::::::::
fortinet	fortibalancer_2000	-	cpe:2.3:h:fortinet:fortibalancer_2000:-:::::::*
fortinet	fortibalancer_3000_firmware	*	cpe:2.3:o:fortinet:fortibalancer_3000_firmware::::::::
fortinet	fortibalancer_3000	-	cpe:2.3:h:fortinet:fortibalancer_3000:-:::::::*

References

fortiguard.com/advisory/FG-IR-14-010

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.002

Percentile

59.9%

JSON

Related for CVE-2014-2722