CVE-2017-3126

Опубликовано: 27 мая 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.

Ссылки

http://www.securityfocus.com/bid/98557
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038539
http://www.securitytracker.com/id/1038540
https://fortiguard.com/psirt/FG-IR-17-014
Vendor Advisory
http://www.securityfocus.com/bid/98557
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038539
http://www.securitytracker.com/id/1038540
https://fortiguard.com/psirt/FG-IR-17-014
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:fortinet:fortianalyzer_firmware:5.4.0:*:*:*:*:*:*:*

cpe:2.3:o:fortinet:fortianalyzer_firmware:5.4.1:*:*:*:*:*:*:*

cpe:2.3:o:fortinet:fortianalyzer_firmware:5.4.2:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:fortinet:fortimanager_firmware:5.4.0:*:*:*:*:*:*:*

cpe:2.3:o:fortinet:fortimanager_firmware:5.4.1:*:*:*:*:*:*:*

cpe:2.3:o:fortinet:fortimanager_firmware:5.4.2:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00244

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-j5fw-jqr7-2j8g