CVE-2017-3128

Name of the Vulnerable Software and Affected Versions FortiOS (affected versions not specified)

Description A stored Cross-Site-Scripting issue allows attackers to execute unauthorized code or commands via the global-label parameter. This can be exploited by an administrator with write privileges, due to an improperly sanitized parameter in a hidden CLI configuration setting.

Recommendations As a temporary workaround, consider restricting access to the global-label parameter in the hidden CLI configuration setting until a patch is available. Restrict write privileges to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.