The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
vulnerability CVE-2012-0941
FortiGate: several vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of FortiGate appliances, in order to execute script code in privileged contexts.
Severity: 2/4.
Creation date: 30/01/2012.
Impacted products
Description of the vulnerability
FortiGate appliances have a web interface.
However, these interfaces do not correctly filter their parameters. An attacker can therefore store script code, which is executed on each visit. The attacker can also generate a Cross Site Scripting on the visitor's computer. The fields_sorted_opt parameter of user/auth/list and endpointcompliance/app_detect/predefined_sig_list can be used as an attack vector.
The following features are impacted:
Dialup List
Endpoint > Monitor > Endpoint Monitor
Endpoint > NAC > Application Database > Listings
List field sorted
Log&Report > Display
An attacker can therefore use several vulnerabilities of FortiGate appliances, in order to execute script code in privileged contexts.
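An added example, not part of the bulletin and not Fortinet code: a log review check that flags requests to the two endpoints named above when the fields_sorted_opt value, after undoing nested percent-encoding, contains anything other than plain field-name characters. The access-log format, the leading "/" on the paths, the allowed character set and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Endpoints and parameter named in the bulletin.
WATCHED_PATHS = ("user/auth/list",
                 "endpointcompliance/app_detect/predefined_sig_list")
PARAM = "fields_sorted_opt"
# Assumption: a legitimate sort option is a plain list of field names.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.,:\- ]*")
# Assumption: logs carry a quoted request line (common/combined log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding, e.g. %253C -> %3C -> <."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_value(log_line):
    """Return the decoded parameter value if the line needs review, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.strip("/").endswith(WATCHED_PATHS):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == PARAM:
            value = fully_decode(value)  # parse_qsl already decoded once
            if not SAFE_VALUE.fullmatch(value):
                return value
    return None

# Constructed sample lines (documentation addresses, harmless markup).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jan/2012:10:00:00 +0000] "GET /user/auth/list?fields_sorted_opt=name HTTP/1.1" 200 512',
    '192.0.2.11 - - [30/Jan/2012:10:00:05 +0000] "GET /user/auth/list?fields_sorted_opt=%22%3E%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 512',
    '192.0.2.12 - - [30/Jan/2012:10:00:09 +0000] "GET /endpointcompliance/app_detect/predefined_sig_list?fields_sorted_opt=%253Ci%253Ex HTTP/1.1" 200 512',
    '192.0.2.13 - - [30/Jan/2012:10:00:12 +0000] "GET /index?fields_sorted_opt=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hit = suspicious_value(line)
        if hit is not None:
            print("review:", repr(hit), "<-", line.split()[0])
```

Parameters sent in a POST body do not appear in the request line, so this check only covers values carried in the URL.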
Characteristics
Title: FortiGate: several vulnerabilities.
Keywords: Application Cross Dialup Database Display Endpoint FortiGate List Listings Log Monitor NAC Report Scripting Site app_detect fields_sorted_opt predefined_sig_list several vulnerabilities.
Identifiers: BID-51708, CVE-2012-0941, VIGILANCE-VUL-11325.
Information sources