FortiWeb multiple vulnerabilities
Description
Older versions of FortiWeb are subject to three vulnerabilities:
1. OS command injection: A WebUI administrator user may run system commands when executing a report
2. Reflected XSS: A WebUI administrator user may perform a reflected XSS attack via an improperly sanitized parameter in the FortiWeb auto update service page
3. Password field with autocomplete enabled: The WebUI FTP backup page contains a password field with HTML form autocomplete enabled
Affected Products
The reflected XSS impacts FortiWeb versions from 5.0.0 to 5.3.4 inclusive. The OS command injection and the password field with autocomplete enabled impact all supported FortiWeb versions lower than 5.3.5.
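The two version ranges above are easy to misread when triaging an inventory of appliances, so the following is an added example (not part of the Fortinet advisory) that encodes them as comparable tuples and reports which of the three issues apply to a given FortiWeb version string. The function names and the assumption that versions are plain dotted integers (for example "5.3.4") are mine; the bounds themselves come from the advisory text, and the script does not know which release branches Fortinet still supports.

```python
"""Map a FortiWeb version string to the issues listed in the advisory.

Added example; the version bounds are taken from the advisory text above.
"""
from __future__ import annotations


def parse_version(version: str) -> tuple[int, ...]:
    """Parse a dotted numeric version such as "5.3.4" into an integer tuple.

    Tuples compare lexicographically, so (5, 3, 4) < (5, 3, 5) as expected.
    Anything that is not purely dotted digits is rejected rather than guessed.
    """
    parts = version.strip().split(".")
    if not parts or not all(part.isdigit() for part in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(part) for part in parts)


# First release that fixes all three issues (from the "Solutions" section).
FIXED_IN = (5, 3, 5)
# Reflected XSS affects 5.0.0 through 5.3.4, both bounds inclusive.
XSS_FIRST, XSS_LAST = (5, 0, 0), (5, 3, 4)


def affected_issues(version: str) -> list[str]:
    """Return the advisory issues that apply to the given FortiWeb version."""
    parsed = parse_version(version)
    issues: list[str] = []
    if parsed < FIXED_IN:
        # Both of these are stated to affect every version below 5.3.5.
        issues.append("OS command injection (report execution)")
        issues.append("password field with autocomplete enabled (FTP backup page)")
    if XSS_FIRST <= parsed <= XSS_LAST:
        issues.append("reflected XSS (auto update service page)")
    return issues


def needs_upgrade(version: str) -> bool:
    """True when the version is below the fixed release 5.3.5."""
    return parse_version(version) < FIXED_IN


if __name__ == "__main__":
    # Constructed sample inventory, not real appliance data.
    for sample in ("5.2.1", "5.3.4", "5.3.5", "5.4.0"):
        hits = affected_issues(sample)
        status = "upgrade" if needs_upgrade(sample) else "ok"
        print(f"{sample:>6}  {status:>8}  {'; '.join(hits) or 'none'}")
```

Feed the function the version reported by each appliance and anything with a non-empty result is a candidate for the upgrade or the access-profile workaround described in the advisory.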
Solutions
Upgrade to FortiWeb 5.3.5 or higher.
Workaround:
Assign administrators an access profile that grants no privileges or read-only privileges on the following pages:
- Maintenance
- System Configuration
- Log & report