FortiOS stored XSS vulnerability in the policy global-label parameter
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-17-057
Final
1
1
2017-05-17T00:00:00
Current version
2017-05-17T00:00:00
2017-05-17T00:00:00
FortiOS is subject to a Cross-Site Scripting vulnerability due to an improperly sanitized parameter in a hidden CLI configuration setting named 'global-label'. However, this can only be exploited by an administrator with write privileges.
Execute unauthorized code or commands
FortiOS versions 5.2.0 through 5.2.10
FortiOS 5.0 all versions
FortiOS version 4.3.x is NOT vulnerable
Please upgrade to FortiOS version 5.2.11 or above.
Please upgrade to FortiOS version 5.4.0 or above.
Fortinet is pleased to thank Mohamed Keffous from CAP GEMINI/SOGETI for reporting this vulnerability under responsible disclosure.
FortiOS 5.2.10
FortiOS 5.2.9
FortiOS 5.2.8
FortiOS 5.2.7
FortiOS 5.2.6
FortiOS 5.2.5
FortiOS 5.2.4
FortiOS 5.2.3
FortiOS 5.2.2
FortiOS 5.2.1
FortiOS 5.2.0
FortiOS 5.0.14
FortiOS 5.0.13
FortiOS 5.0.12
FortiOS 5.0.11
FortiOS 5.0.10
FortiOS 5.0.9
FortiOS 5.0.8
FortiOS 5.0.7
FortiOS 5.0.6
FortiOS 5.0.5
FortiOS 5.0.4
FortiOS 5.0.3
FortiOS 5.0.2
FortiOS 5.0.1
FortiOS 5.0.0
FortiOS stored XSS vulnerability in the policy global-label parameter
CVE-2017-3128
FortiOS-5.2.10
FortiOS-5.2.9
FortiOS-5.2.8
FortiOS-5.2.7
FortiOS-5.2.6
FortiOS-5.2.5
FortiOS-5.2.4
FortiOS-5.2.3
FortiOS-5.2.2
FortiOS-5.2.1
FortiOS-5.2.0
FortiOS-5.0.14
FortiOS-5.0.13
FortiOS-5.0.12
FortiOS-5.0.11
FortiOS-5.0.10
FortiOS-5.0.9
FortiOS-5.0.8
FortiOS-5.0.7
FortiOS-5.0.6
FortiOS-5.0.5
FortiOS-5.0.4
FortiOS-5.0.3
FortiOS-5.0.2
FortiOS-5.0.1
FortiOS-5.0.0
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-17-057