Vulnerabilities > CVE-2014-2216 - Denial of Service vulnerability in Fortinet FortiOS

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

fortinet

nessus

NVD

Published: 2014-08-25

Updated: 2017-08-29

Summary

The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request.

Vulnerable Configurations

Part	Description	Count
OS	Fortinet Fortinet Fortios 4.3.10 Fortinet Fortios 4.3.12 Fortinet Fortios 4.3.13 Fortinet Fortios 4.3.14 Fortinet Fortios 3.1.0 Fortinet Fortios 3.2.0 Fortinet Fortios 3.3.0 Fortinet Fortios 3.3.3 Fortinet Fortios 3.3.5 Fortinet Fortios 3.3.6 Fortinet Fortios 3.3.7 Fortinet Fortios 3.3.8 Fortinet Fortios 3.3.9 Fortinet Fortios 3.3.10 Fortinet Fortios 3.3.11 Fortinet Fortios 3.3.12 Fortinet Fortios 3.3.13 Fortinet Fortios 3.3.14 Fortinet Fortios 3.4.0 Fortinet Fortios 3.4.1 Fortinet Fortios 3.4.2 Fortinet Fortios 3.4.3 Fortinet Fortios 3.4.4 Fortinet Fortios 3.4.5 Fortinet Fortios 3.5.0 Fortinet Fortios 3.5.1 Fortinet Fortios 3.5.2 Fortinet Fortios 3.5.3 Fortinet Fortios 3.5.4 Fortinet Fortios 3.5.5 Fortinet Fortios 3.5.6 Fortinet Fortios 3.5.7 Fortinet Fortios 3.6.0 Fortinet Fortios 3.6.1 Fortinet Fortios 3.6.2 Fortinet Fortios 3.6.3 Fortinet Fortios 3.6.4 Fortinet Fortios 3.6.5 Fortinet Fortios 3.6.6 Fortinet Fortios 3.7.0 Fortinet Fortios 3.7.1 Fortinet Fortios 3.7.2 Fortinet Fortios 3.7.3 Fortinet Fortios 3.7.4 Fortinet Fortios 3.7.5 Fortinet Fortios 3.7.6 Fortinet Fortios 3.7.7 Fortinet Fortios 3.7.8 Fortinet Fortios 3.7.9 Fortinet Fortios 3.7.10 Fortinet Fortios 4.0.0 Fortinet Fortios 4.0.1 Fortinet Fortios 4.0.2 Fortinet Fortios 4.0.3 Fortinet Fortios 4.0.4 Fortinet Fortios 4.1.0 Fortinet Fortios 4.1.1 Fortinet Fortios 4.1.2 Fortinet Fortios 4.1.3 Fortinet Fortios 4.1.4 Fortinet Fortios 4.1.5 Fortinet Fortios 4.1.6 Fortinet Fortios 4.1.7 Fortinet Fortios 4.1.8 Fortinet Fortios 4.1.9 Fortinet Fortios 4.1.10 Fortinet Fortios 4.1.11 Fortinet Fortios 4.2.0 Fortinet Fortios 4.2.1 Fortinet Fortios 4.2.2 Fortinet Fortios 4.2.3 Fortinet Fortios 4.2.4 Fortinet Fortios 4.2.5 Fortinet Fortios 4.2.6 Fortinet Fortios 4.2.7 Fortinet Fortios 4.2.8 Fortinet Fortios 4.2.9 Fortinet Fortios 4.2.10 Fortinet Fortios 4.2.11 Fortinet Fortios 4.2.12 Fortinet Fortios 4.2.13 Fortinet Fortios 4.2.14 Fortinet Fortios 4.2.15 Fortinet Fortios 4.2.16 Fortinet Fortios 4.3.0 Fortinet Fortios 4.3.1 Fortinet Fortios 4.3.2 Fortinet Fortios 4.3.3 Fortinet Fortios 4.3.4 Fortinet Fortios 4.3.5 Fortinet Fortios 4.3.6 Fortinet Fortios 4.3.7 Fortinet Fortios 4.3.8 Fortinet Fortios 4.3.9 Fortinet Fortios 4.3.11 Fortinet Fortios 4.3.15 Fortinet Fortios 5.0.0 Fortinet Fortios 5.0.3 Fortinet Fortios 5.0.4 Fortinet Fortios 5.0.5 Fortinet Fortios 5.0.6 Fortinet Fortios 5.0.7	102

Nessus

NASL family	Firewalls
NASL id	FORTIOS_FG-IR-14-006.NASL
description	The remote host is running FortiOS prior to 4.3.16 or 5.x prior to 5.0.8. It is, therefore, affected by the following vulnerabilities : - A flaw exists within the FortiManager service when handling incoming requests. Using a specially crafted request, a remote attacker can exploit this to cause a denial of service or possibly execute arbitrary code. (CVE-2014-2216) - A flaw exists within the FortiManager communications protocol that allows a man-in-the-middle attacker, using an anonymous cipher suite, to acquire sensitive information or otherwise impact host communications. (CVE-2014-0351)
last seen	2020-06-01
modified	2020-06-02
plugin id	77988
published	2014-09-30
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/77988
title	Fortinet FortiOS < 4.3.16 / 5.x < 5.0.8 Multiple Vulnerabilities (FG-IR-14-006)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(77988); script_version("1.4"); script_cvs_date("Date: 2018/11/15 20:50:22"); script_cve_id("CVE-2014-2216", "CVE-2014-0351"); script_bugtraq_id(69338, 69754); script_xref(name:"CERT", value:"730964"); script_name(english:"Fortinet FortiOS < 4.3.16 / 5.x < 5.0.8 Multiple Vulnerabilities (FG-IR-14-006)"); script_summary(english:"Checks the version of FortiOS."); script_set_attribute(attribute:"synopsis", value:"The remote host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host is running FortiOS prior to 4.3.16 or 5.x prior to 5.0.8. It is, therefore, affected by the following vulnerabilities : - A flaw exists within the FortiManager service when handling incoming requests. Using a specially crafted request, a remote attacker can exploit this to cause a denial of service or possibly execute arbitrary code. (CVE-2014-2216) - A flaw exists within the FortiManager communications protocol that allows a man-in-the-middle attacker, using an anonymous cipher suite, to acquire sensitive information or otherwise impact host communications. (CVE-2014-0351)"); script_set_attribute(attribute:"see_also", value:"https://fortiguard.com/psirt/FG-IR-14-006"); script_set_attribute(attribute:"solution", value: "Upgrade to Fortinet FortiOS 4.3.16 / 5.0.8 / 5.2.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/19"); script_set_attribute(attribute:"patch_publication_date", value:"2014/08/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/30"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fortinet:fortios"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Firewalls"); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies("fortinet_version.nbin"); script_require_keys("Host/Fortigate/model", "Host/Fortigate/version", "Host/Fortigate/build", "Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); app_name = "FortiOS"; model = get_kb_item_or_exit("Host/Fortigate/model"); # Make sure device is FortiGate or FortiWiFi. if (!preg(string:model, pattern:"forti(gate\|wifi)", icase:TRUE)) audit(AUDIT_HOST_NOT, "a FortiGate or FortiWiFi"); version = get_kb_item_or_exit("Host/Fortigate/version"); build = get_kb_item_or_exit("Host/Fortigate/build"); if (report_paranoia < 2) audit(AUDIT_PARANOID); # Versions < 4.3.16 / 5.x < 5.0.8 is affected. if (version =~ "^[0-4]\.") { fix = "4.3.16"; fix_build = 686; } else if (version =~ "^5\.0\.") { fix = "5.0.8"; fix_build = 291; } else audit(AUDIT_INST_VER_NOT_VULN, app_name, version); # If build number is available, this is the safest comparison. # Otherwise compare version numbers. vuln = FALSE; if (build !~ "Unknown") { if (int(build) < fix_build) vuln = TRUE; } else if (ver_compare(ver:version, fix:fix, strict:FALSE) == -1) vuln = TRUE; if (vuln) { if (report_verbosity > 0) { report = '\n Model : ' + model + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; security_hole(extra:report, port:0); } else security_hole(0); exit(0); } else audit(AUDIT_INST_VER_NOT_VULN, app_name, version);

The Hacker News

id	THN:914A6AD9E4FAEEAB85F43C59639A9B38
last seen	2018-01-27
modified	2016-01-13
published	2016-01-12
reporter	Swati Khandelwal
source	https://thehackernews.com/2016/01/fortinet-firewall-password-hack.html
title	Someone Just Leaked Hard-Coded Password Backdoor for Fortinet Firewalls

Summary

Vulnerable Configurations

Nessus

The Hacker News

References