CVE-2019-15705

{"id": "CVE-2019-15705", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-11-27T21:15:12.747", "references": [{"url": "https://fortiguard.com/advisory/FG-IR-19-236", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}, {"url": "https://fortiguard.com/advisory/FG-IR-19-236", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request."}, {"lang": "es", "value": "Una vulnerabilidad de Comprobaci\u00f3n de Entrada Inapropiada en el portal VPN SSL de FortiOS versiones 6.2.1 y posteriores, y versiones 6.0.6 y posteriores, puede permitir a un atacante remoto no identificado bloquear el servicio VPN SSL enviando una petici\u00f3n POST especialmente dise\u00f1ada."}], "lastModified": "2024-11-21T04:29:17.743", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9A44C4B-988B-45E4-BA76-8984A9AB9AB0", "versionEndIncluding": "6.0.6"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D526BAA8-202A-40A9-87F9-68FB597299E6", "versionEndIncluding": "6.2.1", "versionStartIncluding": "6.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}