Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1451

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2015-1451
Last Modified 19 Feb 2015 01:58:47
Published 02 Feb 2015 11:59:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2015-1451

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request.

Vulnerable Systems

Operating System

  • Fortinet Fortios 5.0.7


References

MISC - http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiOS_Multiple_Vulnerabilities.pdf

FULLDISC - 20150129 Fortinet FortiOS Multiple Vulnerabilities

CONFIRM - http://www.fortiguard.com/advisory/FG-IR-15-002/

SECUNIA - 61661

BID - 72383


Last Updated: 27 May 2016 11:07:48