SNS Vulnerability

Fortinet FortiManager and FortiAnalyzer XSS Vulnerability Fixed by 5.4.0, 5.2.6 and 5.0.12

Description

(:A cross-site scripting vulnerability was reported in Fortinet FortiManager and FortiAnalyser.:A remote and authenticated attacker could exploit it by enticing their victim into following a specially formed link in order to execute arbitrary JavaScript or HTML code.::These vulnerabilities are located in the "filename" value of the "/report/graphic/upload/" module, accessible via a POST request.::A proof of concept is available.)

Vulnerable Products

Vulnerable OS:
FortiAnalyzer (Fortinet) - 5.0.0, 5.0.1, 5.0.10, 5.0.11, 5.0.2, ..., 5.0.8, 5.0.9, 5.2.0, 5.2.1, 5.2.2FortiManager (Fortinet) - 5.0, 5.0.1, 5.0.10, 5.0.11, 5.0.2, ..., 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4FortiOS (Fortinet) - 5.0, 5.0.1, 5.0.10, 5.0.11, 5.0.2, ..., 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5

Solution

- 5.0.12

CVE

References

- Bugtraq : FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability
http://seclists.org/bugtraq/2016/Jun/63
- vulnerability-lab : cross-site scripting
http://www.vulnerability-lab.com/get_content.php?id=1686

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
XSS - Prevention - POST : suspicious 'meta' tag found in data	3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data	3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data	5.0.0
XSS - Prevention - POST : javascript code found in data	5.0.0
XSS - Prevention - POST : suspicious tag with event found in data	5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data	5.0.0
XSS - Prevention - POST : 'location' javascript object found in data	5.0.0
XSS - Prevention - POST : code allowing cookie access found in data	5.0.0
XSS - Prevention - POST : 'script' tag found in data	5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data	5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data	5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data	5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data	5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data	5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data	5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data	5.0.0

Risk level

Low

Vulnerability First Public Report Date

2016-06-15

Target Type

Server

Possible exploit

Remote