CVE-2017-14190

Summary

A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests.

Affected Software

VendorProductVersion RangeStatus
Fortinet, Inc.FortiOS5.6.0 to 5.6.2affected
Fortinet, Inc.FortiOS5.4.0 to 5.4.7affected
Fortinet, Inc.FortiOS5.2 and all earlier versions.affected

Weaknesses

  • Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References