Vulnerability Description
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. An URL Redirection attack may also be feasible by injecting an external URL via the affected parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortios | <= 5.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101955Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039891Third Party AdvisoryVDB Entry
- https://fortiguard.com/advisory/FG-IR-17-242Vendor Advisory
- http://www.securityfocus.com/bid/101955Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039891Third Party AdvisoryVDB Entry
- https://fortiguard.com/advisory/FG-IR-17-242Vendor Advisory
FAQ
What is CVE-2017-14186?
CVE-2017-14186 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HT...
How severe is CVE-2017-14186?
CVE-2017-14186 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-14186?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortios.