CVE-2019-17654

CWE-345 | 4 documents | 4 sources
Severity: 8.8 HIGH
EPSS: 0.2% (top 55.99%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 15 | Latest update May 24

Description

An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: fortinet/fortinet_fortimanager 6.0.6 and below, 6.2.0, 6.2.1 +2

🔴 Vulnerability Details (2)

GHSA
GHSA-qm8w-7xj7-x5m6: An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6 | 2022-05-24
CVEList
CVE-2019-17654: An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6 | 2020-03-15

📋 Vendor Advisories (1)

Fortinet
An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow... | 2020-03-15
CVE-2019-17654 (HIGH CVSS 8.8) | An Insufficient Verification of Dat | cvebase.io