PT-2017-3085 · Fortinet · FortiOS
Published 2017-06-15 · Updated 2017-09-15 · CVE-2017-7735
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
FortiOS versions 5.2.0 through 5.2.11
FortiOS versions 5.4.0 through 5.4.4
Description
FortiOS does not adequately protect the structure of its web pages, which allows cross-site scripting (XSS) attacks. A remote attacker can exploit this by injecting malicious code into the Groups field when creating or editing user groups, potentially leading to the execution of unauthorized code or commands.
Recommendations
For FortiOS versions 5.2.0 through 5.2.11, update to a version outside of this range to resolve the issue.
For FortiOS versions 5.4.0 through 5.4.4, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting access to the Groups input field when creating or editing user groups until a patch is available.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
FortiOS