Vulnerability Name:

CVE-2006-3222 (CCN-24624)

Assigned:2006-02-13
Published:2006-02-13
Updated:2017-07-20
Summary:The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: Full-Disclosure Mailing List, Mon Feb 13 2006 - 02:10:45 CST
Bypass Fortinet anti-virus using FTP

Source: VIM
Type: UNKNOWN
20060707 FortiGate issue - "EPSV" not "ESPV"

Source: MITRE
Type: CNA
CVE-2005-3057

Source: MITRE
Type: CNA
CVE-2006-3222

Source: CCN
Type: SA18844
FortiGate URL Filter and Virus Scanning Bypass Vulnerabilities

Source: CCN
Type: SA20720
FortiGate FTP Anti-Virus Scanning Bypass Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
20720

Source: CONFIRM
Type: Patch
http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html

Source: CCN
Type: Fortinet Inc. Web site
Fortinet: Award-Winning Products: complete, real-time network protection solutions

Source: OSVDB
Type: UNKNOWN
26736

Source: CCN
Type: OSVDB ID: 23137
FortiGate Anti-Virus Crafted FTP Transfer Bypass

Source: CCN
Type: OSVDB ID: 26736
FortiGate on Linux FTP EPSV Anti-Virus Scanning Bypass

Source: CCN
Type: BID-16597
Fortinet FortiGate Antivirus Engine Bypass Vulnerability

Source: BID
Type: UNKNOWN
18570

Source: CCN
Type: BID-18570
Fortinet FortiGate FTP Proxy Antivirus Engine Bypass Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-2467

Source: XF
Type: UNKNOWN
fortinet-ftp-scan-bypass(24624)

Source: XF
Type: UNKNOWN
fortinet-ftp-espv-security-bypass(27532)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:fortinet:fortios:2.5_0mr4:*:*:*:*:*:*:*
  • OR cpe:/o:fortinet:fortios:2.8_mr10:*:*:*:*:*:*:*
  • OR cpe:/o:fortinet:fortios:2.36:*:*:*:*:*:*:*
  • OR cpe:/o:fortinet:fortios:2.50:*:*:*:*:*:*:*
  • OR cpe:/o:fortinet:fortios:2.50_mr5:*:*:*:*:*:*:*
  • OR cpe:/o:fortinet:fortios:2.80:*:*:*:*:*:*:*
  • OR cpe:/o:fortinet:fortios:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:fortinet:fortios:3.0_beta:*:*:*:*:*:*:*
  • OR cpe:/o:fortinet:fortios:3.0_mr1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2006-3222 (CCN-27532)

    Assigned:2006-06-21
    Published:2006-06-21
    Updated:2006-06-21
    Summary:Fortinet FortiOS (FortiGate) using the FTP Anti-Virus gateway scanning service could allow a remote attacker to bypass security restrictions caused by an error in the FTP proxy when using Enhanced Passive FTP (EPSV). A remote attacker using a malicious FTP client could exploit this vulnerability to bypass security restrictions and upload malicious files to a victim's system.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Low
    Availibility (A): None
    CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Partial
    Availibility (A): None
    Vulnerability Consequences:Bypass Security
    References:Source: MITRE
    Type: CNA
    CVE-2006-3222

    Source: CCN
    Type: SA20720
    FortiGate FTP Anti-Virus Scanning Bypass Vulnerability

    Source: CCN
    Type: FortiGuard Advisory (FGA-2006-15)
    Advisory - FTP Anti-Virus scanning application bypass vulnerability

    Source: CCN
    Type: Fortinet FortiOS Web site
    Fortinet Award-Winning Products: complete, real-time network protection solutions

    Source: CCN
    Type: OSVDB ID: 26736
    FortiGate on Linux FTP EPSV Anti-Virus Scanning Bypass

    Source: CCN
    Type: BID-18570
    Fortinet FortiGate FTP Proxy Antivirus Engine Bypass Vulnerability

    Source: XF
    Type: UNKNOWN
    fortinet-ftp-espv-security-bypass(27532)

    BACK
    fortinet fortios 2.5_0mr4
    fortinet fortios 2.8_mr10
    fortinet fortios 2.36
    fortinet fortios 2.50
    fortinet fortios 2.50_mr5
    fortinet fortios 2.80
    fortinet fortios 3.0
    fortinet fortios 3.0_beta
    fortinet fortios 3.0_mr1