CVE-2017-17541

6.1MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Fortimanager, Fortianalyzer
Vendor: CVE Published:; 16 July 2018

Summary

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.

Affected Version(s)

Fortinet FortiManager, FortiAnalyzer FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions

References

https://fortiguard.com/advisory/FG-IR-17-305

x_refsource_CONFIRM

http://www.securitytracker.com/id/1041246

vdb-entryx_refsource_SECTRACK

http://www.securitytracker.com/id/1041247

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 16, 2018
Vulnerability Reserved
Dec 11, 2017

.