Vulnerability CVE-2019-5587
Published: 2019-06-04   Modified: 2019-06-05

Description:
Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods.

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Fortinet -> Fortios 

 References:
http://www.securityfocus.com/bid/108628
https://fortiguard.com/advisory/FG-IR-19-017
Copyright 2024, cxsecurity.com

 

Back to Top