FortiGate SSL VPN web portal login redir XSS vulnerability

(29/11/2017) A Cross-site Scripting (XSS) vulnerability in FortiOS SSL-VPN portal may allow an authenticated user to inject arbitrary web code or HTML in the context of the victim's browser via the login redir parameter.

A URL redirection attack may also enable an authenticated user to redirect the victim to an arbitrary URL via the redir parameter. Follow the link to the official report. The BSI classifies the risk as "high"; for more information on the subject, see CVE-2017-14186.

Affected FortiOS versions:
FortiOS 5.0
FortiOS 5.2.0 up to 5.2.12
FortiOS 5.4.0 up to 5.4.6
FortiOS 5.6.0 up to 5.6.2

Suggested Upgrades:
FortiOS 5.2 branch: Upgrade to the 5.2.12 special build or the upcoming 5.2.13 (release on December 14th).
FortiOS 5.4 branch: Upgrade to the 5.4.6 special build or the upcoming 5.4.7 (release on December 7th).
FortiOS 5.6 branch: Upgrade to the upcoming 5.6.3 (release on November 27th).
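
For reviewing web or reverse-proxy logs until the upgrade is installed, the following added example (not part of the original advisory and not Fortinet code) flags requests whose redir parameter points off-site or carries markup characters. The /login path, the combined log format and the sample lines are constructed assumptions; the advisory does not name the portal path.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in combined log format; "/login" is a placeholder path.
SAMPLE_LOG = [
    '198.51.100.7 - - [29/Nov/2017:10:00:01 +0000] "GET /login?redir=%2Fportal%2Findex HTTP/1.1" 200 512',
    '198.51.100.8 - - [29/Nov/2017:10:00:05 +0000] "GET /login?redir=https%3A%2F%2Fexample.invalid%2F HTTP/1.1" 302 0',
    '198.51.100.9 - - [29/Nov/2017:10:00:09 +0000] "GET /login?redir=%22%3E%3Cb%3Ex HTTP/1.1" 200 530',
    '198.51.100.9 - - [29/Nov/2017:10:00:12 +0000] "GET /login?redir=%252F%252Fexample.invalid HTTP/1.1" 302 0',
]

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r'[<>"\'`]')  # never needed in a local redirect path


def classify_redir(value):
    """Return the reasons a redir value looks unsafe (empty list = local path)."""
    decoded = unquote(value).strip()  # second decode catches double encoding
    # Browsers drop tab/CR/LF inside URLs and treat "\" like "/".
    normalized = re.sub(r"[\t\r\n]", "", decoded).replace("\\", "/")
    reasons = []
    try:
        parts = urlsplit(normalized)
    except ValueError:
        return ["unparseable"]
    if parts.scheme:
        reasons.append("scheme:" + parts.scheme)
    if parts.netloc:
        reasons.append("off-site-target")
    if MARKUP.search(decoded):
        reasons.append("markup-chars")
    return reasons


def scan(lines):
    """Return (line number, reasons) for every request with a suspicious redir."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for value in parse_qs(query, keep_blank_values=True).get("redir", []):
            reasons = classify_redir(value)
            if reasons:
                hits.append((number, reasons))
    return hits
```

Hits are triage leads rather than proof of exploitation: a legitimate redir value should be a local path, so anything with a scheme, a host or markup characters deserves a look.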