=====================================================================
CERT-Renater Information Note No. 2021/VULN517
_____________________________________________________________________

DATE                 : 06/10/2021
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running FortiAnalyzer versions prior to
                       6.2.8, 6.4.7, 7.0.1, and FortiManager versions
                       prior to 6.4.7, 7.0.1.
=====================================================================

https://www.fortiguard.com/psirt/FG-IR-20-098
https://www.fortiguard.com/psirt/FG-IR-21-112

_____________________________________________________________________

FortiAnalyzer - XSS vulnerability observed in the Column settings of LogView

IR Number     : FG-IR-20-098
Date          : Oct 5, 2021
Risk          : 3/5
CVSSv3 Score  : 4.2
Impact        : Unauthorized code execution
CVE ID        : CVE-2021-24021

Affected Products:
FortiAnalyzer: 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4,
6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5,
6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0

Summary
An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer
may allow a remote authenticated attacker to perform a stored cross-site
scripting (XSS) attack via the column settings of Log View, should the
attacker be able to obtain that POST request via other, hypothetical
attacks. Because the XSS is stored, a payload saved in the column settings
by one authenticated user executes in the browser of any administrator who
later opens the affected Log View.

Affected Products
FortiAnalyzer version 6.4.3 and below.
FortiAnalyzer version 6.2.7 and below.
FortiAnalyzer version 6.0.x.

Solutions
Please upgrade to FortiAnalyzer version 6.4.4 or above.
Please upgrade to FortiAnalyzer version 6.2.8 or above.
No fixed 6.0 release is listed; 6.0.x systems should move to a fixed 6.2
or 6.4 release.

Workaround: disable Log View/FortiView access in the admin profiles that do
not need it (replace <profile-name> with the profile to restrict):

config system admin profile
    edit <profile-name>
        set log-viewer none
    next
end

Acknowledgement
Fortinet is pleased to thank Frank Cozijnsen of the KPN REDteam for
reporting this vulnerability under responsible disclosure.
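The two advisories in this note state their affected ranges per release branch (for FG-IR-20-098: every 6.0.x release, 6.2.x below 6.2.8, 6.4.x below 6.4.4; for FG-IR-21-112: 6.4.x below 6.4.7 and 7.0.0, on both FortiAnalyzer and FortiManager). The following script is an added example, not Fortinet's or CERT-Renater's code: it encodes those ranges and checks an inventory of product/version strings against them. The hostnames and build strings in the sample inventory are constructed for the example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Added example: check FortiAnalyzer / FortiManager versions against the
# affected ranges stated in FG-IR-20-098 and FG-IR-21-112.

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple[int, int, int]:
    """Extract major.minor.patch from strings such as '6.4.3' or 'v6.0.10-build0400'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return major, minor, patch


@dataclass
class Advisory:
    ir: str
    cve: str
    products: frozenset[str]
    # (major, minor) branch -> first fixed patch level in that branch, or
    # None when the advisory lists the whole branch as affected with no fix.
    fixed_in: dict[tuple[int, int], int | None]

    def affects(self, product: str, version: str) -> bool:
        if product not in self.products:
            return False
        major, minor, patch = parse_version(version)
        branch = (major, minor)
        if branch not in self.fixed_in:
            return False  # branch not listed as affected by this advisory
        fixed = self.fixed_in[branch]
        return fixed is None or patch < fixed


ADVISORIES = [
    Advisory(
        ir="FG-IR-20-098", cve="CVE-2021-24021",
        products=frozenset({"FortiAnalyzer"}),
        # 6.0.x affected with no fixed 6.0 release; 6.2.x fixed in 6.2.8; 6.4.x fixed in 6.4.4
        fixed_in={(6, 0): None, (6, 2): 8, (6, 4): 4},
    ),
    Advisory(
        ir="FG-IR-21-112", cve="CVE-2021-36170",
        products=frozenset({"FortiAnalyzer", "FortiManager"}),
        # 6.4.6 and below fixed in 6.4.7; 7.0.0 fixed in 7.0.1
        fixed_in={(6, 4): 7, (7, 0): 1},
    ),
]

KNOWN_PRODUCTS = frozenset().union(*(a.products for a in ADVISORIES))


def applicable_cves(product: str, version: str) -> list[str]:
    """Return the CVE IDs from this note that apply to one product/version."""
    if product not in KNOWN_PRODUCTS:
        raise ValueError(f"unknown product {product!r}")
    return [a.cve for a in ADVISORIES if a.affects(product, version)]


def audit(inventory: list[tuple[str, str, str]]) -> dict[str, list[str]]:
    """Map each (host, product, version) to its applicable CVEs; clean hosts are omitted."""
    findings: dict[str, list[str]] = {}
    for host, product, version in inventory:
        cves = applicable_cves(product, version)
        if cves:
            findings[host] = cves
    return findings


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and build numbers are made up).
    SAMPLE = [
        ("faz-01.example.net", "FortiAnalyzer", "v6.4.3-build2103"),
        ("faz-02.example.net", "FortiAnalyzer", "6.0.10"),
        ("fmg-01.example.net", "FortiManager", "7.0.0"),
        ("fmg-02.example.net", "FortiManager", "7.0.1"),
    ]
    for host, cves in audit(SAMPLE).items():
        print(f"{host}: {', '.join(cves)}")
```

A branch that an advisory does not list (for example FortiManager 6.2.x under FG-IR-21-112) is reported as not affected, exactly as the advisory text has it; the 6.0 branch of FortiAnalyzer is reported as affected at every patch level because the note lists no fixed 6.0 release.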
_____________________________________________________________________

FortiAnalyzer & FortiManager - FortiCloud credentials observed in cleartext in the logfile

IR Number     : FG-IR-21-112
Date          : Oct 5, 2021
Risk          : 2/5
CVSSv3 Score  : 3.0
Impact        : Information Disclosure
CVE ID        : CVE-2021-36170

Affected Products:
FortiManager: 7.0.0, 6.4.6
FortiAnalyzer: 7.0.0, 6.4.6

Summary
An information disclosure vulnerability [CWE-200] in FortiAnalyzer and
FortiManager VM may allow an authenticated attacker to read, in cleartext,
the FortiCloud credentials that were used to activate the trial license.

Affected Products
FortiManager version 7.0.0.
FortiManager versions 6.4.6 and below.
FortiAnalyzer version 7.0.0.
FortiAnalyzer versions 6.4.6 and below.

Solutions
Please upgrade to FortiManager version 6.4.7 or above.
Please upgrade to FortiManager version 7.0.1 or above.
Please upgrade to FortiAnalyzer version 6.4.7 or above.
Please upgrade to FortiAnalyzer version 7.0.1 or above.
Upgrading stops the credentials from being written, but entries already
present in existing log files (and in any exported or forwarded copies)
remain readable, so the FortiCloud account password used for the activation
should be changed as well.

Acknowledgement
Fortinet is pleased to thank Evgenii Erinskii from the Technical Support
Team for reporting this vulnerability under responsible disclosure.

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44             +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41             +
+ 75013 Paris         | email : cert@support.renater.fr  +
=========================================================