DHCP HOSTNAME XSS vulnerability
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-18-121
Final
1
1
2018-11-16T00:00:00
Current version
2018-11-16T00:00:00
2018-11-16T00:00:00
An attacker could send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled).
Execute unauthorized code or commands
FortiAnalyzer 5.6.0 and below versions. FortiManager 5.6.0 and below versions.
Upgrade to FortiAnalyzer 5.6.1 or above.Upgrade to FortiManager 5.6.1 or above.
Fortinet is pleased to thank Adrian Dabrowski of SBA Research gGmbH Sitz for reporting this vulnerability under responsible disclosure.
DHCP HOSTNAME XSS vulnerability
CVE-2018-13375
5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-18-121
DHCP HOSTNAME XSS vulnerability
Reference>