PT-2020-1570 · Fortinet · FortiAuthenticator

Published: 2020-01-07 · Updated: 2020-01-14 · CVE-2019-16154

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: FortiAuthenticator version 6.0.0

Description: The vulnerability stems from insufficient sanitization of input data in the FortiAuthenticator web interface. A remote attacker can exploit it to perform cross-site scripting (XSS) attacks; specifically, an unauthenticated user may be able to perform an XSS attack via a parameter of the logon page.

Recommendations: For FortiAuthenticator version 6.0.0, consider restricting access to the logon page until a patch is available. As a temporary workaround, avoid using the vulnerable parameter in the logon page to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2020-00580
CVE-2019-16154

Affected Products

FortiAuthenticator