CVE-2023-5451
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Forcepoint NGFW Security Management Center Management Server has SMC Downloads optional feature to offer standalone Management Client downloads and ECA configuration downloads.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Next Generation Firewall Security Management Center (SMC Downloads feature) allows Reflected XSS.
This issue affects Next Generation Firewall Security Management Center : before 6.10.13, from 6.11.0 before 7.1.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Forcepoint | Next Generation Firewall Security Management Center | 0 < 6.10.13 | affected |
| Forcepoint | Next Generation Firewall Security Management Center | 6.11.0 < 7.1.2 | affected |
Weaknesses
- CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Workarounds
To limit the access to the SMC, Forcepoint recommends that the SMC deployment is placed in a dedicated, secure network segment without third-party servers and limited network access. Alternatively, Forcepoint recommends disabling Management Server SMC Downloads feature.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.