PT-2015-3368 · Fortinet · FortiOS

Published: 2015-05-12 · Updated: 2017-01-03 · CVE-2014-8616

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

FortiOS versions 5.2.x through 5.2.2

Description

FortiOS does not sufficiently protect the web page structure (cross-site scripting), allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors to the user group or VPN template menus.

Recommendations

For FortiOS versions 5.2.x through 5.2.2, update to version 5.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the user group and VPN template menus to minimize the risk of exploitation. Avoid using the user group and VPN template menus in the affected FortiOS versions until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2018-01297
CVE-2014-8616

Affected Products

FortiOS