PSIRT Advisory

DHCP Hostname HTML Injection

Summary

It is possible to inject malicious script code through the DHCP HOSTNAME option. The injected script code is rendered in the device's "DHCP Monitor" page (System->Monitor->DHCP Monitor) of the web-based interface, which is accessible to web UI administrators.
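The defect class described above is a stored cross-site scripting issue: a client-supplied DHCP option 12 (Host Name) value is rendered into an administrator page without output encoding. The following is an added illustration, not Fortinet's code: it parses a constructed DHCP option buffer, shows the unsafe rendering beside the hardened one, and adds an RFC 1123 hostname check as defence in depth. The option bytes and function names are assumptions for the example.

```python
import html
import re

# Constructed DHCP option bytes (not a real capture): option 12 (Host Name),
# length 11, followed by option 255 (end). The hostname carries HTML markup,
# which a DHCP client is free to send in its request.
SAMPLE_OPTIONS = b"\x0c\x0b" + b"pc1<s>x</s>" + b"\xff"

# RFC 1123 hostname label: alphanumerics and hyphens, no leading/trailing hyphen.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def parse_dhcp_options(data: bytes) -> dict:
    """Parse a TLV-encoded DHCP options field into {code: value}."""
    opts = {}
    i = 0
    while i < len(data):
        code = data[i]
        if code == 255:          # END option
            break
        if code == 0:            # PAD option, no length byte
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def is_valid_hostname(name: str) -> bool:
    """Reject anything that is not a plain RFC 1123 label (HTML can never pass)."""
    return HOSTNAME_RE.match(name) is not None


def render_row_vulnerable(options: bytes) -> str:
    """Unsafe pattern: the raw hostname is interpolated into the monitor page."""
    name = parse_dhcp_options(options).get(12, b"").decode("ascii", "replace")
    return f"<td>{name}</td>"


def render_row_hardened(options: bytes) -> str:
    """Safe pattern: HTML-encode on output, and flag non-conforming hostnames."""
    name = parse_dhcp_options(options).get(12, b"").decode("ascii", "replace")
    shown = name if is_valid_hostname(name) else f"(invalid) {name}"
    return f"<td>{html.escape(shown, quote=True)}</td>"
```

The hardened row still displays the offending value, so an administrator can see what the client sent, but the browser receives it as text rather than markup.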

Impact

Cross Site Scripting

Affected Products

FortiOS

Solutions

Upgrade to one of the following FortiOS versions:

  • 5.0 branch: 5.0.13 or above
  • 5.2 branch: 5.2.4 or above
  • 5.4 branch: 5.4.0 or above

4.3 and lower branches are not affected by this vulnerability.

Acknowledgement

Fortinet is pleased to thank Ziv Kamir from GamaSec for reporting this FortiOS vulnerability under responsible disclosure.