OpenCVE

In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fortinet	Fortibalancer 1000 Fortibalancer 1000 Firmware Fortibalancer 2000 Fortibalancer 2000 Firmware Fortibalancer 3000 Fortibalancer 3000 Firmware Fortibalancer 400 Fortibalancer 400 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:fortinet:fortibalancer_400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fortinet:fortibalancer_400:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:fortinet:fortibalancer_1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fortinet:fortibalancer_1000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:fortinet:fortibalancer_2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fortinet:fortibalancer_2000:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:fortinet:fortibalancer_3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fortinet:fortibalancer_3000:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://fortiguard.com/advisory/FG-IR-14-010

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-03-19T15:48:46

Updated: 2024-08-06T10:21:36.053Z

Reserved: 2014-04-01T00:00:00

Link: CVE-2014-2721

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-03-19T16:15:12.033

Modified: 2024-11-21T02:06:50.137

Link: CVE-2014-2721

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-02T00:00:00", "descriptions": [{"lang": "en", "value": "In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-19T15:48:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://fortiguard.com/advisory/FG-IR-14-010"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2721", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://fortiguard.com/advisory/FG-IR-14-010", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-14-010"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:21:36.053Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fortiguard.com/advisory/FG-IR-14-010"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2721", "datePublished": "2020-03-19T15:48:46", "dateReserved": "2014-04-01T00:00:00", "dateUpdated": "2024-08-06T10:21:36.053Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortibalancer_400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DC1E81D-A723-404C-B691-34FBCE5CF992", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fortinet:fortibalancer_400:-:*:*:*:*:*:*:*", "matchCriteriaId": "AA6BE5A2-C1C3-42D2-8FDE-C951807C5AA0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortibalancer_1000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "70D0EC9D-AB22-401B-8973-E50FD4163CD3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fortinet:fortibalancer_1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A77E82A-C8E5-4336-9F21-89FF35A6CC43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortibalancer_2000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2CF7EFE-D872-483B-B838-EA673C5517C3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fortinet:fortibalancer_2000:-:*:*:*:*:*:*:*", "matchCriteriaId": "F19B4462-183D-49EF-A712-C3A2734F8E2C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortibalancer_3000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E55CBAEC-5C3D-45ED-94AE-16FD8E1EDD8B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fortinet:fortibalancer_3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "89625932-C741-4DA6-9CEA-360FA5851B5F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect."}, {"lang": "es", "value": "En FortiBalancer 400, 1000, 2000 y 3000, se detect\u00f3 una vulnerabilidad de acceso remoto a una plataforma espec\u00edfica que puede permitir a un usuario remoto conseguir acceso privilegiado a los sistemas afectados usando SSH. La vulnerabilidad es causada mediante un error de configuraci\u00f3n y no es el resultado de un defecto SSH subyacente."}], "id": "CVE-2014-2721", "lastModified": "2024-11-21T02:06:50.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-19T16:15:12.033", "references": [{"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://fortiguard.com/advisory/FG-IR-14-010"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://fortiguard.com/advisory/FG-IR-14-010"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}]}