CVE-2020-9288

Name of the Vulnerable Software and Affected Versions FortiWLC version 8.5.1

Description The issue is related to the lack of protection of the web page structure in the ESS profile and Radius microprogram software of FortiWLC wireless access controllers. This can be exploited by a remote attacker to perform cross-site scripting attacks. Specifically, an improper neutralization of input allows a remote authenticated attacker to perform a stored cross-site scripting attack via the ESS profile or the Radius Profile.

Recommendations For FortiWLC version 8.5.1, consider restricting access to the ESS profile and Radius Profile until a patch is available. As a temporary workaround, avoid using the vulnerable profiles to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.