Specialists from a cyber security course report finding at least two vulnerabilities in different products developed by Fortinet, one of the most recognized manufacturers of software and security devices. According to the report, exploiting these flaws would allow threat actors to deploy cross-site scripting (XSS) attacks.
Below are brief descriptions of reported flaws, in addition to their respective identification keys and scores according to the Common Vulnerability Scoring System (CVSS).
CVE-2020-12811: Incorrect disinfection of user input in the <<provider name>> field of FortiManager and FortiAnalyzer would allow malicious hackers to trick the victim into following a specially crafted link and running HTML code in the context of a vulnerable site.
The flaw lies in the following solutions and versions:
- FortiManager: 6.2.0, 6.2.1, 6.2.2, 6.2.3
- FortiAnalyzer: 6.2.0, 6.2.1, 6.2.2, 6.2.3
Exploiting this flaw would allow the theft of confidential information, the modification of a website, among other scenarios, mention experts from the cyber security course. The fault received a score of 5/10.
CVE-2019-15706: This flaw exists due to insufficient disinfection of user input in the FortiOS SSL VPN portal interface, allowing the deployment of XSS attacks by injecting arbitrary HTML code into the context of a vulnerable website.
The flaw received a score of 3.9/10, experts from the cyber security course mentioned. This flaw lies in the following versions of FortiOS: 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.8, 5.6.9, 5.6.10, 5.6.11, 5.6.12, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.2.0, 6.2.1.
While flaws can be exploited by unauthenticated threat actors, so far no attempts for active exploitation have been reported. In addition, patches are now available, so Fortinet recommends that users of affected deployments update as soon as possible.