| IR Number | FG-IR-17-127 |
| Date | Jun 15, 2017 |
| Component | GUI |
| Severity |
Low |
| CVSSv3 Score | 4.2 |
| Impact | Execute unauthorized code or commands |
| CVE ID | CVE-2017-7734 |
| Affected Products |
FortiOS
:
5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.11, 5.2.10, 5.2.1, 5.2.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiOS XSS vulnerabilities via User Groups & Config Revision Comments
Summary
Two XSS vulnerabilities were reported to us affecting FortiOS that can be exploited to load and run a remote (malicious) Javascript in a logged in browser.
The vulnerable input fields areÂ
- the "Comments" input while saving Configuration Revisions (CVE-2017-7734)
- the "Groups" input while creating or editing User Groups (CVE-2017-7735)
Affected Products
- CVE-2017-7734: FortiOS versions 5.4.0 to 5.4.4
- CVE-2017-7735: FortiOS versions 5.2.0 to 5.4.4
Solutions
- CVE-2017-7734: Upgrade to FortiOS 5.4.5 or 5.6.0
- CVE-2017-7735: Upgrade to FortiOS 5.2.12, 5.4.5 or 5.6.0
Workarounds
- CVE-2017-7734 : Under System > Admin Profiles, edit the concerned profile(s) and set Access Control for "Maintenance" to "Read-Only"
- CVE-2017-7735 : Under System > Admin Profiles, edit the concerned profile(s) and set Access Control for "User & Device" to "Read-Only"
- Trusthosts can also be configured if the source IP addresses of trusted administrators are known.
Acknowledgement
Fortinet is pleased to thank Walmart's ISD Enterprise Security Testing (EST) Team for reporting this vulnerability under responsible disclosure.