FortiOS XSS vulnerabilities via User Groups & Config Revision Comments

Summary

Two XSS vulnerabilities were reported to us affecting FortiOS that can be exploited to load and run a remote (malicious) Javascript in a logged in browser.


The vulnerable input fields are 

  • the "Comments" input while saving Configuration Revisions (CVE-2017-7734)
  • the "Groups" input while creating or editing User Groups (CVE-2017-7735)

Affected Products

* CVE-2017-7734: FortiOS versions 5.4.0 to 5.4.4
* CVE-2017-7735: FortiOS versions 5.2.0 to 5.4.4

Solutions

Upgrade to FortiOS 5.4.5 or 5.6.0

Acknowledgement

Fortinet is pleased to thank Walmart's ISD Enterprise Security Testing (EST) Team for reporting this vulnerability under responsible disclosure.