CVE-2017-14186 — Vulnetix

Try Vulnetix Request Demo

CVE-2017-14186 PUBLISHED CVSS 5.400000095367432 MEDIUM

Une vulnérabilité a été découverte dans Fortinet FortiOS. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).

EPSS 3.00% · 86.5th percentile

Risk Scores

CVSS v3.0

5.400000095367432

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Score

3.00%

86.5th percentile

Affected Products

Vendor	Product	Versions
fortinet	fortios	0, 5.2.0, 5.4.0
Fortinet	FortiOS
Fortinet	Fortinet FortiOS, FortiProxy	FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7

Timeline

Nov 29, 2017 CVE Published
Dec 4, 2017 PoC Published
Aug 27, 2019 PoC Published
Aug 27, 2019 PoC Published
Feb 27, 2020 PoC Published
Jul 16, 2020 PoC Published
Oct 9, 2020 PoC Published
Oct 9, 2020 PoC Published
Oct 13, 2020 PoC Published
Oct 13, 2020 PoC Published
Oct 22, 2020 PoC Published
Oct 22, 2020 PoC Published

References

https://fortiguard.com/psirt/FG-IR-18-383 advisory
https://fortiguard.com/psirt/FG-IR-19-034 advisory
https://fortiguard.com/psirt/FG-IR-17-242 advisory
https://fortiguard.com/psirt/FG-IR-18-384 advisory
https://fortiguard.com/psirt/FG-IR-18-389 advisory
http://www.securityfocus.com/bid/101955 advisory
http://www.securitytracker.com/id/1039891 advisory
https://fortiguard.com/advisory/FG-IR-17-242 advisory
https://nvd.nist.gov/vuln/detail/CVE-2017-14186 advisory
http://fortiguard.com/psirt/FG-IR-17-242 advisory
https://fortiguard.com/advisory/FG-IR-18-384 url
https://www.fortiguard.com/psirt/FG-IR-20-233 url
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13379 url

Open in Interactive Console →