CVE-2019-5587Insufficient Verification of Data Authenticity in Fortinet Fortios

CWE-345Insufficient Verification of Data AuthenticityCWE-20Improper Input Validation4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 71.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiosFortinet Fortios
Timeline
PublishedJun 4
Latest updateMay 24

Description

Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDfortinet/fortios< 6.0.5
CVEListV5fortinet/fortinet_fortiosFortiOS all versions below 6.0.5

🔴Vulnerability Details

2
GHSA
GHSA-vh73-v9g2-4q7c: Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 62022-05-24
CVEList
CVE-2019-5587: Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 62019-06-04

📋Vendor Advisories

1
Fortinet
Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow...2019-06-04
CVE-2019-5587 — Fortinet Fortios vulnerability | cvebase