
=====================================================================

                           CERT-Renater

               Information Note No. 2015/VULN051
_____________________________________________________________________

DATE                : 20/04/2015

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): FortiWeb versions prior to 5.3.5.

======================================================================
http://www.fortiguard.com/advisory/FG-IR-15-010/
______________________________________________________________________


FortiWeb multiple vulnerabilities

Info

Risk              2 Low
Date              Apr 16 2015
Impact            XSS, OS command injection, autocomplete in HTML form
Fixed In Firmware 5.3.5


Older versions of FortiWeb are subject to three vulnerabilities:

1. OS command injection: A WebUI administrator user may run system
commands when executing a report.

2. Reflected XSS: A WebUI administrator user may perform a reflected
XSS attack via an improperly sanitized parameter in the FortiWeb auto
update service page.

3. Password field with autocomplete enabled: The WebUI FTP backup page
contains a password field with HTML form autocomplete enabled.


Affected Products

The reflected XSS impacts FortiWeb versions 5.0.0 through 5.3.4
inclusive.

The OS command injection and the password field with autocomplete
enabled impact all supported FortiWeb versions lower than 5.3.5.
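A version-triage helper, added here as an example and not part of the advisory or of Fortinet's tooling; it encodes the affected ranges stated in the Affected Products section above and assumes FortiWeb version strings of the form major.minor.patch (the hostnames in the sample inventory are constructed):

```python
"""Triage FortiWeb firmware versions against FG-IR-15-010 (added example,
not part of the CERT-Renater advisory)."""
from __future__ import annotations

# Firmware release in which all three issues are fixed (from the advisory).
FIXED_IN = (5, 3, 5)
# Reflected XSS affects 5.0.0 through 5.3.4 inclusive (from the advisory).
XSS_RANGE = ((5, 0, 0), (5, 3, 4))


def parse_version(version: str) -> tuple[int, int, int]:
    """Turn 'major.minor.patch' into a comparable tuple; reject anything else."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiWeb version string: {version!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def affected_issues(version: str) -> list[str]:
    """List the advisory items that still apply to the given firmware version.

    The advisory scopes the command injection and autocomplete issues to all
    supported versions below 5.3.5; this helper treats every version below
    5.3.5 as affected (assumption: unsupported older trains are not safer).
    """
    v = parse_version(version)
    issues: list[str] = []
    if v < FIXED_IN:
        issues.append("OS command injection (report execution)")
        issues.append("password field with autocomplete enabled (FTP backup page)")
    if XSS_RANGE[0] <= v <= XSS_RANGE[1]:
        issues.append("reflected XSS (auto update service page)")
    return issues


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Map each host in a {hostname: version} inventory to its open issues."""
    return {host: affected_issues(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "waf-edge-01": "5.3.4",   # all three issues
    "waf-edge-02": "5.3.5",   # fixed release
    "waf-lab-01": "4.4.7",    # below the XSS range, still two issues
}

if __name__ == "__main__":
    for host, issues in triage(SAMPLE_INVENTORY).items():
        print(host, "->", issues or "no open items from FG-IR-15-010")
```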


Solutions

Upgrade to FortiWeb 5.3.5 or higher.

Workaround:

Associate administrators to a limited access profile with none or
read-only privileges for the following pages:

- Maintenance
- System Configuration
- Log & report

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================
