Vulnerabilites related to fortinet - fortigate-3240c
CVE-2012-4948 (GCVE-0-2012-4948)
Vulnerability from cvelistv5
Published
2012-11-14 11:00
Modified
2024-08-06 20:50
Severity ?
CWE
  • n/a
Summary
The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities.
References
http://www.kb.cert.org/vuls/id/111708 third-party-advisory, x_refsource_CERT-VN
http://www.securityfocus.com/bid/56382 vdb-entry, x_refsource_BID
http://osvdb.org/87048 vdb-entry, x_refsource_OSVDB
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:50:18.189Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#111708",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/111708"
          },
          {
            "name": "56382",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/56382"
          },
          {
            "name": "87048",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/87048"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers\u0027 installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-26T10:00:00",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "VU#111708",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/111708"
        },
        {
          "name": "56382",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/56382"
        },
        {
          "name": "87048",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/87048"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2012-4948",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers\u0027 installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#111708",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/111708"
            },
            {
              "name": "56382",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/56382"
            },
            {
              "name": "87048",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/87048"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2012-4948",
    "datePublished": "2012-11-14T11:00:00",
    "dateReserved": "2012-09-17T00:00:00",
    "dateUpdated": "2024-08-06T20:50:18.189Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-1414 (GCVE-0-2013-1414)
Vulnerability from cvelistv5
Published
2013-07-08 17:00
Modified
2024-09-16 20:16
Severity ?
CWE
  • n/a
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown.
References
http://www.exploit-db.com/exploits/26528/ exploit, x_refsource_EXPLOIT-DB
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:57:05.156Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26528",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/26528/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-07-08T17:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26528",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/26528/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-1414",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26528",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/26528/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-1414",
    "datePublished": "2013-07-08T17:00:00Z",
    "dateReserved": "2013-01-24T00:00:00Z",
    "dateUpdated": "2024-09-16T20:16:50.095Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2012-11-14 12:30
Modified
2025-04-11 00:51
Severity ?
Summary
The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities.
References
cret@cert.orghttp://osvdb.org/87048
cret@cert.orghttp://www.kb.cert.org/vuls/id/111708Third Party Advisory, US Government Resource
cret@cert.orghttp://www.securityfocus.com/bid/56382Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/87048
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/111708Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/56382Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
fortinet fortigate-1000c -
fortinet fortigate-100d -
fortinet fortigate-110c -
fortinet fortigate-1240b -
fortinet fortigate-200b -
fortinet fortigate-20c -
fortinet fortigate-300c -
fortinet fortigate-3040b -
fortinet fortigate-310b -
fortinet fortigate-311b -
fortinet fortigate-3140b -
fortinet fortigate-3240c -
fortinet fortigate-3810a -
fortinet fortigate-3950b -
fortinet fortigate-40c -
fortinet fortigate-5001a-sw -
fortinet fortigate-5001b -
fortinet fortigate-5020 -
fortinet fortigate-5060 -
fortinet fortigate-50b -
fortinet fortigate-5101c -
fortinet fortigate-5140b -
fortinet fortigate-600c -
fortinet fortigate-60c -
fortinet fortigate-620b -
fortinet fortigate-800c -
fortinet fortigate-80c -
fortinet fortigate-voice-80c -
fortinet fortigaterugged-100c -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-1000c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7EF5E98-4A7F-486E-A666-5CB2D6AE4B6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-100d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D62FF7B-F07B-4B1A-BE3C-3269BB517B64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-110c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D25F582-60D5-4B99-BF5D-DF0F075AE824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-1240b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C1D6711-1D64-4BD3-9580-C332A52C169E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-200b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09756E3C-7C02-4482-B2ED-2646CA127A7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-20c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F864DACE-F574-47D3-9E6D-8E463DCC1CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-300c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "18E0C2D6-A8B3-4CF0-86CD-45CEA5D9E4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-3040b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "42813ADB-E285-4FF0-946C-3A09833D9520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-310b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B75EAF6-3E8C-40CC-92D1-6069123182AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-311b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BB1DA95-78AD-442D-8251-3ACF49CA2329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-3140b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5014850E-FE19-40E8-8FA9-0FC152167B58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-3240c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89280DF2-D8C0-4FDE-A79A-92687445CB20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-3810a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB41136-3EBB-45B5-A885-69EE822E9C5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-3950b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB3B88B6-3B10-4CE8-A854-9621E0FB1B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-40c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5534A2C1-C352-49BD-B639-404FE61660E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-5001a-sw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "615D7EB5-CA3B-430D-A1CB-8F7F17BCF403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-5001b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "766FAC92-8E75-4347-9A76-DB372DA28715",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-5020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9320594-0B6C-44DB-9C58-7FCBBDDC3F3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-5060:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD39F61-3779-44BE-B71D-0E587072D8CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-50b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE424B2A-3299-496F-9778-04D0792BC0D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-5101c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59C78680-88A9-4AB0-9FE9-333690A9B66A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-5140b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AA3538A-5B71-4939-8A2A-93678E6EB1D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-600c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A73FA2A-1852-4AE0-A892-9B0B06705324",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-60c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F72F3FE-DC85-4605-B416-4FE31F90A06A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-620b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D4BC042-D692-477E-A790-7BECF4B210A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-800c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EB09BD9-6853-40D6-BDA7-749D87335E4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-80c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "113E1146-572A-466A-AB34-145081F842B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-voice-80c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF418899-1667-4428-B8E8-E4E29D634DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigaterugged-100c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C24DF92-D24B-43D1-8623-17F3F90F29D0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers\u0027 installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities."
    },
    {
      "lang": "es",
      "value": "La configuraci\u00f3n predeterminada de Fortinet FortiGate UTM utiliza el mismo certificado de la autoridad de certificaci\u00f3n (CA) y la misma clave privada en instalaciones de diferentes clientes, lo que hace que sea m\u00e1s f\u00e1cil para atacantes MITM (man-in-the-middle) a la hora de falsificar servidores SSL, aprovechando la presencia del certificado Fortinet_CA_SSLProxy en una lista de confianza de la autoridad de certificaci\u00f3n ra\u00edz.\r\n"
    }
  ],
  "id": "CVE-2012-4948",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:H/Au:N/C:C/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.2,
        "impactScore": 7.8,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-11-14T12:30:59.507",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://osvdb.org/87048"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/111708"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/56382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/87048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/111708"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/56382"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-07-08 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown.
References
cve@mitre.orghttp://www.exploit-db.com/exploits/26528/Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/26528/Exploit
Impacted products
Vendor Product Version
fortinet fortios *
fortinet fortios 4.3.10
fortinet fortios 5.0
fortinet fortios 5.0.1
fortinet fortigate-1000c -
fortinet fortigate-100d -
fortinet fortigate-110c -
fortinet fortigate-1240b -
fortinet fortigate-200b -
fortinet fortigate-20c -
fortinet fortigate-300c -
fortinet fortigate-3040b -
fortinet fortigate-310b -
fortinet fortigate-311b -
fortinet fortigate-3140b -
fortinet fortigate-3240c -
fortinet fortigate-3810a -
fortinet fortigate-3950b -
fortinet fortigate-40c -
fortinet fortigate-5001a-sw -
fortinet fortigate-5001b -
fortinet fortigate-5020 -
fortinet fortigate-5060 -
fortinet fortigate-50b -
fortinet fortigate-5101c -
fortinet fortigate-5140b -
fortinet fortigate-600c -
fortinet fortigate-60c -
fortinet fortigate-620b -
fortinet fortigate-800c -
fortinet fortigate-80c -
fortinet fortigate-voice-80c -
fortinet fortigaterugged-100c -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4A9AD38-4005-4B33-AB47-5E81F9AB5E32",
              "versionEndIncluding": "4.3.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:4.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B75D8F35-830C-498C-B658-AE89154BEB8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51B177A0-244F-4A76-8425-F75C1DA3CC1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D8A5EC4-CE2C-4174-9F09-361B8D153AD9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-1000c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7EF5E98-4A7F-486E-A666-5CB2D6AE4B6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-100d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D62FF7B-F07B-4B1A-BE3C-3269BB517B64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-110c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D25F582-60D5-4B99-BF5D-DF0F075AE824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-1240b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C1D6711-1D64-4BD3-9580-C332A52C169E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-200b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09756E3C-7C02-4482-B2ED-2646CA127A7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-20c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F864DACE-F574-47D3-9E6D-8E463DCC1CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-300c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "18E0C2D6-A8B3-4CF0-86CD-45CEA5D9E4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-3040b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "42813ADB-E285-4FF0-946C-3A09833D9520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-310b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B75EAF6-3E8C-40CC-92D1-6069123182AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-311b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BB1DA95-78AD-442D-8251-3ACF49CA2329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-3140b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5014850E-FE19-40E8-8FA9-0FC152167B58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-3240c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89280DF2-D8C0-4FDE-A79A-92687445CB20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-3810a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB41136-3EBB-45B5-A885-69EE822E9C5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-3950b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB3B88B6-3B10-4CE8-A854-9621E0FB1B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-40c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5534A2C1-C352-49BD-B639-404FE61660E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-5001a-sw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "615D7EB5-CA3B-430D-A1CB-8F7F17BCF403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-5001b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "766FAC92-8E75-4347-9A76-DB372DA28715",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-5020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9320594-0B6C-44DB-9C58-7FCBBDDC3F3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-5060:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD39F61-3779-44BE-B71D-0E587072D8CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-50b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE424B2A-3299-496F-9778-04D0792BC0D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-5101c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59C78680-88A9-4AB0-9FE9-333690A9B66A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-5140b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AA3538A-5B71-4939-8A2A-93678E6EB1D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-600c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A73FA2A-1852-4AE0-A892-9B0B06705324",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-60c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F72F3FE-DC85-4605-B416-4FE31F90A06A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-620b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D4BC042-D692-477E-A790-7BECF4B210A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-800c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EB09BD9-6853-40D6-BDA7-749D87335E4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-80c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "113E1146-572A-466A-AB34-145081F842B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate-voice-80c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF418899-1667-4428-B8E8-E4E29D634DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigaterugged-100c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C24DF92-D24B-43D1-8623-17F3F90F29D0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF) en Fortinet FortiOS en el dispositivo firewall FortiGate anteriores a v4.3.13 y v5.x anteriores a v5.0.2 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones que modifican (1) configuraci\u00f3n (2) pol\u00edticas o (3) reinicio de dispositivos a trav\u00e9s de una acci\u00f3n reinicio sobre system/maintenance/shutdown."
    }
  ],
  "id": "CVE-2013-1414",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-07-08T17:55:02.783",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/26528/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/26528/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}