Lucene search

[email protected]CVE-2017-17541

HistoryJul 16, 2018 - 8:29 p.m.

CVE-2017-17541

2018-07-1620:29:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2017-17541

cross-site scripting

xss

fortinet

fortimanager

fortianalyzer

security vulnerability

ca certificates

crl certificates

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

47.0%

JSON

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.

Affected configurations

NVD

Node

fortinetfortianalyzer_firmwareRange≤5.6.4

fortinetfortianalyzer_firmwareMatch6.0.0

fortinetfortimanager_firmwareRange≤5.6.4

fortinetfortimanager_firmwareMatch6.0.0

CPENameOperatorVersion
fortinet:fortianalyzer_firmwarefortinet fortianalyzer firmwarele5.6.4
fortinet:fortianalyzer_firmwarefortinet fortianalyzer firmwareeq6.0.0
fortinet:fortimanager_firmwarefortinet fortimanager firmwarele5.6.4
fortinet:fortimanager_firmwarefortinet fortimanager firmwareeq6.0.0

CPE	Name	Operator	Version
fortinet:fortianalyzer_firmware	fortinet fortianalyzer firmware	le	5.6.4
fortinet:fortianalyzer_firmware	fortinet fortianalyzer firmware	eq	6.0.0
fortinet:fortimanager_firmware	fortinet fortimanager firmware	le	5.6.4
fortinet:fortimanager_firmware	fortinet fortimanager firmware	eq	6.0.0

CNA Affected

[
  {
    "product": "Fortinet FortiManager, FortiAnalyzer",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions"
      }
    ]
  }
]

References

www.securitytracker.com/id/1041246

www.securitytracker.com/id/1041247

fortiguard.com/advisory/FG-IR-17-305

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

47.0%

JSON

Related for CVE-2017-17541

prion1 fortinet1 cvelist1 nvd1