CVE-2017-17541
N/A
N/A
Summary
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Fortinet | Fortinet FortiManager, FortiAnalyzer | FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions | affected |
Weaknesses
- Execute unauthorized code or commands
ADP Enrichment
CVE Program Container
Additional References
- https://fortiguard.com/advisory/FG-IR-17-305
- http://www.securitytracker.com/id/1041246
- http://www.securitytracker.com/id/1041247
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://fortiguard.com/advisory/FG-IR-17-305
- http://www.securitytracker.com/id/1041246
- http://www.securitytracker.com/id/1041247
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.