PSIRT Advisory

FortiOS stored XSS vulnerability in the policy global-label parameter

Summary

FortiOS is subject to a Cross-Site Scripting vulnerability, due to an improperly sanitized parameter in a hidden CLI configuration setting named 'global-label'. This can however only be exploited by an administrator with write privileges.
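The pattern behind a stored XSS of this kind is an administrator-supplied configuration value written to the device and later rendered into the web GUI without output encoding. The following added example (not Fortinet code; the function names, the `<td>` markup and the sample label are assumptions constructed for illustration) contrasts the unsafe rendering pattern with a hardened one that HTML-encodes the stored value at render time, plus an input-validation check that can be applied when the label is set:

```python
import html
import re

# Constructed sample value for a policy label, as an administrator with write
# privileges might enter it in a CLI config setting. Not a Fortinet value.
SAMPLE_LABEL = 'Branch <script>alert(1)</script>'


def render_label_unsafe(label: str) -> str:
    """Vulnerable pattern: the stored label is concatenated into HTML unchanged,
    so any markup in it becomes part of the page shown to other admins."""
    return f'<td class="policy-label">{label}</td>'


def render_label_safe(label: str) -> str:
    """Hardened pattern: HTML-encode the value at the point it is rendered.
    quote=True also encodes quotes, which matters inside attribute values."""
    return f'<td class="policy-label">{html.escape(label, quote=True)}</td>'


# Hypothetical allow-list for a label: letters, digits, space, underscore,
# dot and hyphen, at most 63 characters. Defence in depth, not a substitute
# for output encoding.
_LABEL_RE = re.compile(r'[A-Za-z0-9 _.-]{1,63}')


def validate_label(label: str) -> bool:
    """Reject labels containing HTML metacharacters when the setting is written."""
    return _LABEL_RE.fullmatch(label) is not None


if __name__ == '__main__':
    print('unsafe:', render_label_unsafe(SAMPLE_LABEL))
    print('safe:  ', render_label_safe(SAMPLE_LABEL))
    print('valid: ', validate_label(SAMPLE_LABEL))
```

Output encoding at the rendering layer is the fix that actually removes the vulnerability class; the allow-list only narrows what can be stored in the first place and should not be relied on alone, since the same value may be rendered in several places with different contexts.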

Impact

Execute unauthorized code or commands

Affected Products

* FortiOS 5.2 branch from 5.2.0 to 5.2.10
* FortiOS 5.0 branch

Solutions

* FortiOS 5.0 and 5.2 users must upgrade to FortiOS 5.2.11 or 5.4.0 and above
* FortiOS 4.3 branch is not vulnerable

Acknowledgement

Fortinet is pleased to thank Mohamed Keffous from CAP GEMINI/SOGETI for reporting this vulnerability under responsible disclosure.