CVE-2017-3128

Summary

A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiOS5.0.0-5.0.14, 5.2.0-5.2.10affected

Weaknesses

  • Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References