CVE-2023-36555

Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions 7.2.0 through 7.2.4

Description The issue is related to an improper neutralization of script-related HTML tags in a web page, which can allow an attacker to execute unauthorized code or commands. This can be achieved via the SAML and Security Fabric components. A remote attacker may exploit this to inject script-related HTML tags.

Recommendations For Fortinet FortiOS versions 7.2.0 through 7.2.4, consider disabling the SAML and Security Fabric components until a patch is available to prevent exploitation. Restrict access to these components to minimize the risk of unauthorized code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.