FortiManager/FortiAnalyzer - XSS Vulnerability in Report Templates

Summary

An improper neutralization of input during web page generation vulnerability [CWE-79] in the report templates of FortiManager and FortiAnalyzer may allow a low-privileged attacker to perform an XSS attack by posting a crafted CKEditor "protected" comment, as described in CVE-2020-9281.

Affected Products

FortiAnalyzer version 7.0.0 through 7.0.4
FortiAnalyzer version 6.4.0 through 6.4.8
FortiAnalyzer 6.2 all versions
FortiAnalyzer 6.0 all versions
FortiManager version 7.0.0 through 7.0.4
FortiManager version 6.4.0 through 6.4.8
FortiManager 6.2 all versions
FortiManager 6.0 all versions

Solutions

Please upgrade to FortiAnalyzer version 7.2.0 or above
Please upgrade to FortiAnalyzer version 7.0.5 or above
Please upgrade to FortiAnalyzer version 6.4.9 or above
Please upgrade to FortiManager version 7.2.0 or above
Please upgrade to FortiManager version 7.0.5 or above
Please upgrade to FortiManager version 6.4.9 or above
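The following is an added example, not part of this advisory and not Fortinet's own tooling: it encodes the affected ranges and fixed releases listed above so that an inventory of FortiManager and FortiAnalyzer builds can be checked for exposure. The product names, version tuples and the sample inventory are the only inputs; the 6.2 and 6.0 branches, which have no in-branch fix, are mapped to the lowest fixed release the advisory names (6.4.9), an assumption made here for reporting purposes.

```python
"""Added example (not Fortinet's tooling): decide whether a deployed
FortiManager / FortiAnalyzer build falls inside the affected ranges listed in
this advisory and, if so, the minimum fixed release to move to."""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]
Range = Tuple[Tuple[int, int], Optional[Version], Optional[Version], Version]

# Affected ranges copied from the advisory; both products share the same list.
# An entry with lo/hi = None means the whole branch is affected and has no
# in-branch fix; the advisory points at 6.4.9, 7.0.5 and 7.2.0 as fixed
# releases, and 6.4.9 (the lowest of those) is used here as the minimum target.
# Tuple layout: (branch, lowest affected, highest affected, minimum fixed release)
_RANGES: List[Range] = [
    ((7, 0), (7, 0, 0), (7, 0, 4), (7, 0, 5)),
    ((6, 4), (6, 4, 0), (6, 4, 8), (6, 4, 9)),
    ((6, 2), None, None, (6, 4, 9)),
    ((6, 0), None, None, (6, 4, 9)),
]
AFFECTED: Dict[str, List[Range]] = {
    "FortiAnalyzer": _RANGES,
    "FortiManager": _RANGES,
}


def parse_version(text: str) -> Version:
    """Parse 'major.minor[.patch]' into a 3-tuple; a missing patch counts as 0."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def fmt(v: Version) -> str:
    return ".".join(str(n) for n in v)


def check(product: str, version: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, minimum fixed release) for one product/version pair.

    Branches that are not listed at all (for example 7.2) are outside the
    affected set and come back as (False, None).
    """
    if product not in AFFECTED:
        raise ValueError(f"unknown product: {product!r}")
    v = parse_version(version)
    for branch, lo, hi, fix in AFFECTED[product]:
        if v[:2] != branch:
            continue
        # Whole-branch entry, or a bounded range that contains this build.
        if lo is None or (lo <= v <= hi):
            return True, fmt(fix)
        return False, None
    return False, None


if __name__ == "__main__":
    # Constructed sample inventory for demonstration, not real hosts.
    inventory = [
        ("FortiAnalyzer", "7.0.4"),
        ("FortiAnalyzer", "7.0.5"),
        ("FortiManager", "6.2.11"),
        ("FortiManager", "7.2.0"),
    ]
    for product, ver in inventory:
        affected, fix = check(product, ver)
        verdict = f"AFFECTED, upgrade to {fix} or above" if affected else "not in affected range"
        print(f"{product} {ver}: {verdict}")
```

A version reported as `7.0` (no patch component) is treated as `7.0.0`, so it is flagged rather than silently skipped; builds on an unlisted branch return `(False, None)` and should be confirmed against the vendor's current advisory rather than assumed safe.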

Acknowledgement

Fortinet is pleased to thank Mark de Groot and Ron Oostveen from the KPN REDteam for bringing this issue to our attention under responsible disclosure.