PT-2017-3086 · Fortinet · FortiOS

Published: 2017-06-15 · Updated: 2017-09-15 · CVE-2017-7734

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 5.4.0 through 5.4.4

Description: The Comments field used when saving Config Revisions does not sanitize its input. A remote attacker can enter malicious code in that field and, by saving the configuration change, perform a Cross-Site Scripting (XSS) attack that executes unauthorized code or commands.

Recommendations: For Fortinet FortiOS versions 5.4.0 through 5.4.4, avoid using the Comments field when saving Config Revisions until a patch is available. As a temporary workaround, restrict access to the Config Revisions feature to reduce the risk of exploitation.

Fix

XSS


Weakness Enumeration

Related Identifiers

BDU:2017-02456
CVE-2017-7734

Affected Products

FortiOS