Cross-site Scripting Vulnerability in Fortinet FortiManager
CVE-2018-1351

4.8MEDIUM

Key Information:

Vendor
Fortinet
Status
Fortinet Fortimanager
Vendor
CVE Published:
28 June 2018

Summary

A Cross-site Scripting (XSS) vulnerability exists in the Fortinet FortiManager, specifically in versions 6.0.0 and 5.6.6 and below. This vulnerability allows attackers to execute malicious HTML or JavaScript code through managed remote devices by leveraging CLI commands that interact with the remote device's configuration installation log. Exploitation of this flaw could potentially lead to unauthorized access or manipulation of sensitive data.

Affected Version(s)

Fortinet FortiManager FortiManager 6.0.0 and below versions

References

http://www.securitytracker.com/id/1041181
vdb-entryx_refsource_SECTRACK
https://fortiguard.com/advisory/FG-IR-18-006
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104533
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.