ByteOS Network

NVD Vulnerability Details :

CVE-2018-1351

Modified

Source-psirt@fortinet.com

Published At-28 Jun, 2018 | 15:29

Updated At-22 Jan, 2020 | 16:15

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	4.8	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Primary	2.0	3.5	LOW	AV:N/AC:M/Au:S/C:N/I:P/A:N

Type: Primary

Version: 3.0

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Type: Primary

Version: 2.0

Base score: 3.5

Base severity: LOW

Vector:

AV:N/AC:M/Au:S/C:N/I:P/A:N

CPE Matches

Fortinet, Inc.

>>fortimanager>>Versions up to 6.0.0(inclusive)

cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

CWE ID: CWE-79

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/104533	psirt@fortinet.com	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041181	psirt@fortinet.com	Third Party Advisory VDB Entry
https://fortiguard.com/advisory/FG-IR-18-006	psirt@fortinet.com	Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/104533

Source: psirt@fortinet.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://www.securitytracker.com/id/1041181

Source: psirt@fortinet.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://fortiguard.com/advisory/FG-IR-18-006

Source: psirt@fortinet.com

Resource:

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History