DHCP Hostname HTML Injection

Summary

It is possible to inject malicious script through the DHCP HOSTNAME option. The injected script code ends up in the device's "DHCP Monitor" page (System->Monitor->DHCP Monitor) of the web-based interface, which is accessible to web UI administrators.
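As an added illustration of the defensive handling this page calls for (example code written for this advisory, not Fortinet's own code): parse the Host Name option (option 12) out of a constructed DHCP option blob, check it against RFC 1123 hostname syntax, and HTML-escape it before it is placed in a monitor-page table cell. The option codes follow RFC 2132; the sample bytes and the `suspect` CSS class are assumptions.

```python
import html
import re

# RFC 1123 label: letters, digits and hyphens, no leading or trailing hyphen.
_LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

DHCP_OPT_HOST_NAME = 12   # Host Name option code (RFC 2132)
DHCP_OPT_PAD = 0
DHCP_OPT_END = 255


def parse_dhcp_options(blob: bytes) -> dict:
    """Parse the TLV option area of a DHCP message (after the magic cookie).
    Returns {code: value_bytes}; skips PAD, stops at END, rejects truncation."""
    opts = {}
    i = 0
    while i < len(blob):
        code = blob[i]
        if code == DHCP_OPT_END:
            break
        if code == DHCP_OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def is_valid_hostname(name: str) -> bool:
    """True if every dot-separated label matches RFC 1123 hostname syntax."""
    return 0 < len(name) <= 253 and all(_LABEL_RE.match(lbl) for lbl in name.split("."))


def render_hostname_cell(raw: bytes) -> str:
    """Build the HTML table cell for a raw Host Name option value: always escape
    the untrusted bytes, and flag values that do not look like a hostname."""
    name = raw.decode("ascii", errors="replace")
    escaped = html.escape(name, quote=True)
    if is_valid_hostname(name):
        return f"<td>{escaped}</td>"
    return f'<td class="suspect">{escaped}</td>'   # constructed class name


# Constructed sample: option 12 carrying HTML metacharacters, then END.
SAMPLE_OPTIONS = bytes([DHCP_OPT_HOST_NAME, 10]) + b"pc<b>1</b>" + bytes([DHCP_OPT_END])
```

The same escaping must be applied to every other client-supplied field shown on the page (vendor class, client identifier), since the Host Name option is only the field this advisory names.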

Affected Products

FortiOS

Solutions

Upgrade to one of the following FortiOS versions:
  • 5.0 branch: 5.0.13 or above
  • 5.2 branch: 5.2.4 or above
  • 5.4 branch: 5.4.0 or above
4.3 and lower branches are not affected by this vulnerability.

Acknowledgement

Fortinet is pleased to thank Ziv Kamir from GamaSec for reporting this FortiOS vulnerability under responsible disclosure.