CVE-2017-14186
Last modified
CVE-2017-14186 is a vulnerability of currently unknown severity. A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. An URL Redirection attack may also be feasible by injecting an external URL via the affected parameter.. EPSS estimates a 3.72% chance of exploitation in the next 30 days.
Description
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. An URL Redirection attack may also be feasible by injecting an external URL via the affected parameter.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortios | <= 5.0 |
| Fortinet | Fortios | > 5.2.0, <= 5.2.12 |
| Fortinet | Fortios | >= 5.4.0, <= 5.4.6 |
| Fortinet | Fortios | >= 5.6.0, <= 5.6.2 |
References
- http://www.securityfocus.com/bid/101955Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1039891Third Party Advisory, VDB Entry
- https://fortiguard.com/advisory/FG-IR-17-242Vendor Advisory
- http://www.securityfocus.com/bid/101955Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1039891Third Party Advisory, VDB Entry
- https://fortiguard.com/advisory/FG-IR-17-242Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-14186?
How severe is CVE-2017-14186?
How do I fix CVE-2017-14186?
Are you affected by CVE-2017-14186?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST