PSIRT Advisory

FortiOS reflected XSS in the SSL VPN web portal error page parameters

Summary

Failure to sanitize input in the SSL VPN web portal may allow an attacker to perform a reflected Cross-site Scripting (XSS) attack via multiple parameters of the error page HTTP request.

Impact

Cross-site Scripting (XSS)

Affected Products

CVE-2019-5586 FortiOS 5.2.0 to 6.0.4

CVE-2019-5588 FortiOS 6.0.0 to 6.0.4

Solutions

Upgrade to FortiOS 6.0.5 or 6.2.0
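As an added example that is not part of Fortinet's advisory, the following helper checks a reported FortiOS version against the affected ranges and fixed releases listed above, for triaging an asset inventory. The version string format ("6.0.4" or "v6.0.4,build0231", as shown by "get system status") and the sample host list are assumptions.

```python
# Added example, not Fortinet's own code: checks a FortiOS version string
# against the affected ranges and fixed releases stated in this advisory.
# Assumption: versions look like "6.0.4" or "v6.0.4,build0231" (the form
# shown by "get system status"); any build suffix is ignored.
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Affected ranges as listed in the advisory, inclusive on both ends.
AFFECTED: Dict[str, Tuple[Version, Version]] = {
    "CVE-2019-5586": ((5, 2, 0), (6, 0, 4)),
    "CVE-2019-5588": ((6, 0, 0), (6, 0, 4)),
}
FIXED_RELEASES = "6.0.5 or 6.2.0"  # releases the advisory names as containing the fix

def parse_version(text: str) -> Version:
    """Turn '6.0.4' or 'v6.0.4,build0231' into a comparable (major, minor, patch) tuple."""
    core = text.strip().lstrip("vV").split(",")[0]  # drop ',buildNNNN' if present
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    return int(parts[0]), int(parts[1]), int(parts[2])

def applicable_cves(version: str) -> List[str]:
    """CVE ids from this advisory whose affected range contains the given version."""
    v = parse_version(version)
    return [cve for cve, (low, high) in AFFECTED.items() if low <= v <= high]

def triage(version: str) -> str:
    """One-line verdict for a single inventory entry."""
    cves = applicable_cves(version)
    if cves:
        return f"{version}: affected by {', '.join(cves)}; upgrade to {FIXED_RELEASES}"
    return f"{version}: not within the ranges listed in this advisory"

def triage_inventory(lines: List[str]) -> List[str]:
    """Apply triage to 'hostname version' lines, keeping unparsable entries visible."""
    out = []
    for line in lines:
        host, _, ver = line.partition(" ")
        try:
            out.append(f"{host} {triage(ver)}")
        except ValueError as exc:
            out.append(f"{host} could not be checked: {exc}")
    return out

# Constructed sample inventory (hypothetical hosts); the last entry is deliberately malformed.
SAMPLE = ["fgt-edge-1 v6.0.4,build0231", "fgt-edge-2 6.0.5", "fgt-lab 5.2.0", "fgt-old 6.0"]
print("\n".join(triage_inventory(SAMPLE)))
```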

Workarounds:

Disable the SSL-VPN web portal service by applying the following CLI commands:

config vpn ssl settings
unset source-interface
end

Acknowledgement

Fortinet is pleased to thank Aaron Hall from Verizon Media Group (Oath) for reporting CVE-2019-5586, and Nathan HARDY, Cybersecurity Engineer/Consultant at Sogeti Luxembourg, for reporting CVE-2019-5588 under responsible disclosure.