CVE-2023-5451

Summary

Forcepoint NGFW Security Management Center Management Server has SMC Downloads optional feature to offer standalone Management Client downloads and ECA configuration downloads.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Next Generation Firewall Security Management Center (SMC Downloads feature) allows Reflected XSS.

This issue affects Next Generation Firewall Security Management Center : before 6.10.13, from 6.11.0 before 7.1.2.

Affected Software

VendorProductVersion RangeStatus
ForcepointNext Generation Firewall Security Management Center0 < 6.10.13affected
ForcepointNext Generation Firewall Security Management Center6.11.0 < 7.1.2affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Workarounds

To limit the access to the SMC, Forcepoint recommends that the SMC deployment is placed in a dedicated, secure network segment without third-party servers and limited network access. Alternatively, Forcepoint recommends disabling Management Server SMC Downloads feature.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References