PT-2017-3085 · Fortinet · Fortios
Published 2017-06-15 · Updated 2017-09-15 · CVE-2017-7735
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
FortiOS versions 5.2.0 through 5.2.11
FortiOS versions 5.4.0 through 5.4.4
Description
The issue is related to a lack of protection for the web page structure in FortiOS, allowing for Cross-Site Scripting attacks. This can be exploited by a remote attacker who can inject malicious code into the Groups field when creating or editing user groups, potentially leading to the execution of unauthorized code or commands.
Recommendations
For FortiOS versions 5.2.0 through 5.2.11, update to a version outside of this range to resolve the issue.
For FortiOS versions 5.4.0 through 5.4.4, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting access to the Groups input field when creating or editing user groups until a patch is available.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Fortios