FortiOS: Multiple Vulnerabilities
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
FortiOS is prone to multiple vulnerabilities:
- It is possible to inject malicious script through the DHCP HOSTNAME option. The malicious script code is injected into the device's `DHCP Monitor` page (System->Monitor->DHCP Monitor) on the web-based interface, which is accessible to the webui administrators.
- The FortiOS webui accepts user-controlled input that specifies a link to an external site and uses that link in a redirect. The redirect input parameter is also prone to cross-site scripting.
Affected Software
- 5.0 branch: < 5.0.13
- 5.2 branch: < 5.2.4
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Upgrade to one of the following FortiOS versions:
- 5.0 branch: 5.0.13 or above
- 5.2 branch: 5.2.4 or above
- 5.4 branch: 5.4.0 or above

4.3 and lower branches are not affected by this vulnerability.