PT-2024-2602 · Forcepoint · Forcepoint Next Generation Firewall Security Management Center

Hazem Osama · Published 2024-03-04 · Updated 2024-03-05 · CVE-2023-5451

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Forcepoint Next Generation Firewall Security Management Center versions prior to 6.10.13
Forcepoint Next Generation Firewall Security Management Center versions 6.11.0 through 7.1.2

Description

The issue is improper neutralization of input during web page generation, which allows a remote attacker to conduct reflected cross-site scripting (XSS) attacks. The SMC Downloads feature in the Forcepoint NGFW Security Management Center is affected.

Recommendations

For versions prior to 6.10.13, update to version 6.10.13 or later.
For versions 6.11.0 through 7.1.2, update to version 7.1.2 or later.
As a temporary workaround, consider disabling the SMC Downloads feature until a patch is available.
Restrict access to the Management Client downloads and ECA configuration downloads to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-02668
CVE-2023-5451

Affected Products

Forcepoint Next Generation Firewall Security Management Center