CVE-2017-3126

Name of the Vulnerable Software and Affected Versions FortiAnalyzer versions 5.4.0 through 5.4.2 FortiManager versions 5.4.0 through 5.4.2

Description The issue allows an attacker to execute unauthorized code or commands via the next parameter, potentially leading to the execution of malicious actions.

Recommendations For FortiAnalyzer versions 5.4.0 through 5.4.2, avoid using the next parameter in affected API endpoints until the issue is resolved. For FortiManager versions 5.4.0 through 5.4.2, consider restricting access to the vulnerable module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.