PT-2018-11890 · Fortinet · Fortimanager

Published: 2018-06-28 · Updated: 2020-01-22 · CVE-2018-1351

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Fortinet FortiManager versions 5.6.6 and below
Fortinet FortiManager version 6.0.0

Description

A cross-site scripting (XSS) issue allows an attacker to execute HTML/JavaScript code via a managed remote device's CLI commands when the remote device CLI config installation log is viewed.

Recommendations

For Fortinet FortiManager versions 5.6.6 and below, update to a version above 5.6.6 to resolve the issue. For Fortinet FortiManager version 6.0.0, update to a version above 6.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the remote device CLI config installation log to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-1351

Affected Products

Fortimanager