Summary
Malicious script can be injected through the DHCP HOSTNAME option.
The injected script code ends up in the device's "DHCP Monitor" page (System -> Monitor -> DHCP Monitor) of the web-based interface, which is accessible to web UI administrators.
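The issue described above is a classic stored cross-site scripting pattern: a client-supplied value (DHCP option 12, Host Name) is later written into an administrator's HTML page without encoding. The following is an added example written for this advisory, not Fortinet code and not a description of how FortiOS implements its monitor page. It assumes nothing about the product internals; it parses the hostname out of a constructed DHCP option byte string, shows the unsafe concatenation pattern next to a hardened renderer that HTML-escapes every cell, and includes an RFC 1123 hostname check that a defender can use to flag lease records worth alerting on.

```python
import html
import re
from typing import List, Optional, Tuple

# DHCP option codes (RFC 2132).
OPTION_PAD = 0
OPTION_HOST_NAME = 12
OPTION_END = 255

# Constructed sample option blobs for this illustration (not captured traffic).
SAFE_OPTIONS = bytes([OPTION_HOST_NAME, 7]) + b"lab-pc1" + bytes([OPTION_END])
_HOSTILE_NAME = b"pc<script>alert(1)</script>"
HOSTILE_OPTIONS = (
    bytes([OPTION_HOST_NAME, len(_HOSTILE_NAME)]) + _HOSTILE_NAME + bytes([OPTION_END])
)


def parse_hostname_option(options: bytes) -> Optional[str]:
    """Walk the DHCP option TLVs and return the raw Host Name value, or None.

    Truncated headers or values stop parsing instead of reading past the buffer.
    """
    i = 0
    while i < len(options):
        code = options[i]
        if code == OPTION_END:
            break
        if code == OPTION_PAD:  # single-byte option, no length field
            i += 1
            continue
        if i + 1 >= len(options):
            break  # truncated option header
        length = options[i + 1]
        value = options[i + 2 : i + 2 + length]
        if len(value) != length:
            break  # truncated option value
        if code == OPTION_HOST_NAME:
            return value.decode("ascii", errors="replace")
        i += 2 + length
    return None


# One RFC 1123 label: letters, digits and hyphens, no leading/trailing hyphen, 1-63 chars.
_LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def is_valid_hostname(name: str) -> bool:
    """True only for syntactically valid hostnames; markup characters can never pass."""
    if not name or len(name) > 253:
        return False
    return all(_LABEL_RE.match(label) for label in name.split("."))


def render_lease_row_unsafe(mac: str, ip: str, hostname: str) -> str:
    """The pattern behind this class of bug: untrusted text concatenated into HTML."""
    return f"<tr><td>{mac}</td><td>{ip}</td><td>{hostname}</td></tr>"


def render_lease_row(mac: str, ip: str, hostname: str) -> str:
    """Hardened rendering: every cell is HTML-escaped, so the browser shows the text as data."""
    return "<tr><td>{}</td><td>{}</td><td>{}</td></tr>".format(
        html.escape(mac, quote=True),
        html.escape(ip, quote=True),
        html.escape(hostname, quote=True),
    )


def flag_suspicious_leases(leases: List[Tuple[str, str, bytes]]) -> List[Tuple[str, str]]:
    """Detection helper: return (mac, hostname) for leases whose hostname is not RFC 1123 clean.

    Each lease is (mac, ip, raw_option_bytes). Leases with no hostname are ignored.
    """
    flagged = []
    for mac, _ip, options in leases:
        name = parse_hostname_option(options)
        if name is not None and not is_valid_hostname(name):
            flagged.append((mac, name))
    return flagged


if __name__ == "__main__":
    for label, blob in (("safe", SAFE_OPTIONS), ("hostile", HOSTILE_OPTIONS)):
        name = parse_hostname_option(blob) or ""
        print(label, "valid:", is_valid_hostname(name))
        print("  unsafe:", render_lease_row_unsafe("00:11:22:33:44:55", "10.0.0.5", name))
        print("  escaped:", render_lease_row("00:11:22:33:44:55", "10.0.0.5", name))
```

Output encoding (the hardened renderer) is the fix for the rendering side; the hostname check is not a substitute for it, but it gives operations a cheap signal: a lease whose hostname fails RFC 1123 validation is either a misconfigured client or someone probing the management interface, and either way is worth a log entry.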
Affected Products
FortiOS
Solutions
Upgrade to one of the following FortiOS versions:
- 5.0 branch: 5.0.13 or above
- 5.2 branch: 5.2.4 or above
- 5.4 branch: 5.4.0 or above
4.3 and lower branches are not affected by this vulnerability.
Acknowledgement
Fortinet is pleased to thank Ziv Kamir from GamaSec for reporting this FortiOS vulnerability under responsible disclosure.