PT-2017-15674 · Fortinet · Fortigate+1
Published
2017-04-19
·
Updated
2017-07-11
·
CVE-2017-3127
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Fortinet FortiGate versions 5.2.0 through 5.2.10
Description
The issue allows an attacker to execute unauthorized code or commands via the
srcintf parameter during Firewall Policy Creation. This can be exploited to load and run remote malicious Javascript in a logged-in browser.Recommendations
For Fortinet FortiGate versions 5.2.0 through 5.2.10, consider disabling the Firewall Policy Creation feature until a patch is available, or restrict access to the
srcintf parameter to minimize the risk of exploitation.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fortigate
Fortios