Lucene search

[email protected]NVD:CVE-2016-3978

HistoryApr 08, 2016 - 2:59 p.m.

CVE-2016-3978

2016-04-0814:59:07

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

59.8%

JSON

The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the “redirect” parameter to “login.”

Affected configurations

Nvd

Node

fortinetfortiosMatch5.0.0

fortinetfortiosMatch5.0.1

fortinetfortiosMatch5.0.2

fortinetfortiosMatch5.0.3

fortinetfortiosMatch5.0.4

fortinetfortiosMatch5.0.5

fortinetfortiosMatch5.0.6

fortinetfortiosMatch5.0.7

fortinetfortiosMatch5.0.8

fortinetfortiosMatch5.0.9

fortinetfortiosMatch5.0.10

fortinetfortiosMatch5.0.11

fortinetfortiosMatch5.0.12

fortinetfortiosMatch5.2.0

fortinetfortiosMatch5.2.1

fortinetfortiosMatch5.2.2

fortinetfortiosMatch5.4

VendorProductVersionCPE
fortinetfortios5.0.0cpe:2.3:o:fortinet:fortios:5.0.0:*:*:*:*:*:*:*
fortinetfortios5.0.1cpe:2.3:o:fortinet:fortios:5.0.1:*:*:*:*:*:*:*
fortinetfortios5.0.2cpe:2.3:o:fortinet:fortios:5.0.2:*:*:*:*:*:*:*
fortinetfortios5.0.3cpe:2.3:o:fortinet:fortios:5.0.3:*:*:*:*:*:*:*
fortinetfortios5.0.4cpe:2.3:o:fortinet:fortios:5.0.4:*:*:*:*:*:*:*
fortinetfortios5.0.5cpe:2.3:o:fortinet:fortios:5.0.5:*:*:*:*:*:*:*
fortinetfortios5.0.6cpe:2.3:o:fortinet:fortios:5.0.6:*:*:*:*:*:*:*
fortinetfortios5.0.7cpe:2.3:o:fortinet:fortios:5.0.7:*:*:*:*:*:*:*
fortinetfortios5.0.8cpe:2.3:o:fortinet:fortios:5.0.8:*:*:*:*:*:*:*
fortinetfortios5.0.9cpe:2.3:o:fortinet:fortios:5.0.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortios	5.0.0	cpe:2.3:o:fortinet:fortios:5.0.0:::::::*
fortinet	fortios	5.0.1	cpe:2.3:o:fortinet:fortios:5.0.1:::::::*
fortinet	fortios	5.0.2	cpe:2.3:o:fortinet:fortios:5.0.2:::::::*
fortinet	fortios	5.0.3	cpe:2.3:o:fortinet:fortios:5.0.3:::::::*
fortinet	fortios	5.0.4	cpe:2.3:o:fortinet:fortios:5.0.4:::::::*
fortinet	fortios	5.0.5	cpe:2.3:o:fortinet:fortios:5.0.5:::::::*
fortinet	fortios	5.0.6	cpe:2.3:o:fortinet:fortios:5.0.6:::::::*
fortinet	fortios	5.0.7	cpe:2.3:o:fortinet:fortios:5.0.7:::::::*
fortinet	fortios	5.0.8	cpe:2.3:o:fortinet:fortios:5.0.8:::::::*
fortinet	fortios	5.0.9	cpe:2.3:o:fortinet:fortios:5.0.9:::::::*

Rows per page:

1-10 of 171

References

seclists.org/fulldisclosure/2016/Mar/68

www.fortiguard.com/advisory/fortios-open-redirect-vulnerability

www.securitytracker.com/id/1035332

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

59.8%

JSON

Related for NVD:CVE-2016-3978

nuclei1 cve1 prion1 cvelist1