CVE-2018-1351

4.8MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Fortimanager
Vendor: CVE Published:; 28 June 2018

Summary

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log.

Affected Version(s)

Fortinet FortiManager FortiManager 6.0.0 and below versions

References

http://www.securitytracker.com/id/1041181

vdb-entryx_refsource_SECTRACK

https://fortiguard.com/advisory/FG-IR-18-006

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104533

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 28, 2018
Vulnerability Reserved
Dec 11, 2017