Overview
- Description
- A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
Weaknesses
- psirt@fortinet.com
- CWE-942
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B35D8D53-448B-474C-B7CB-324CB4ED7A82"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "933701AE-43E3-4260-973B-4EA09C375965"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D373DFA1-A7F4-4E5F-9F52-62C903E60EDA",
"versionEndIncluding": "6.3.4",
"versionStartIncluding": "6.3.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiddos-f:6.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A9C4E7CA-746B-4542-9E83-AC75C3DAB1FD"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiddos-f:6.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A3BE2AD7-5D1D-4184-AE2E-80DF59E968C4"
}
],
"operator": "OR"
}
]
}
]