Fortinet FortiOS CVE-2017-14186 URI Redirection and Cross Site Scripting Vulnerabilities



Fortinet FortiOS is prone to a URI-redirection vulnerability and a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible.
Fortinet FortiOS 5.0 and prior, 5.2.0 through 5.2.12, 5.4.0 through 5.4.6 and 5.6.0 through 5.6.2 are vulnerable.

Information

Bugtraq ID: 101955
Class: Input Validation Error
CVE: CVE-2017-14186

Remote: Yes
Local: No
Published: Nov 23 2017 12:00AM
Updated: Nov 23 2017 12:00AM
Credit: Stefan Viehböck from SEC Consult Vulnerability Lab
Vulnerable: Fortinet FortiOS 5.6.2
Fortinet FortiOS 5.6
Fortinet FortiOS 5.4.6
Fortinet FortiOS 5.4.5
Fortinet FortiOS 5.4.4
Fortinet FortiOS 5.4.3
Fortinet FortiOS 5.4.2
Fortinet FortiOS 5.4.1
Fortinet FortiOS 5.2.12
Fortinet FortiOS 5.2.11
Fortinet FortiOS 5.2.8
Fortinet FortiOS 5.2.6
Fortinet FortiOS 5.2.5
Fortinet FortiOS 5.2.4
Fortinet FortiOS 5.2.3
Fortinet FortiOS 5.2.2
Fortinet FortiOS 5.2.1
Fortinet FortiOS 5.6.1
Fortinet FortiOS 5.4.0
Fortinet FortiOS 5.2.9
Fortinet FortiOS 5.2.10
Fortinet FortiOS 5.2.0
Fortinet FortiOS 5.0


Not Vulnerable:

Exploit


To exploit these issues, an attacker must entice an unsuspecting victim to open a malicious URI.

