CVE-2023-36555

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Oct 10, 2023

Updated: Nov 7, 2023

CWE ID 79

CWE ID 80

Summary

CVE-2023-36555 is a vulnerability affecting Fortinet FortiOS versions 7.2.0 to 7.2.4. This issue involves the mishandling of script-related HTML tags in Fortinet's web page, which is a type of Cross-Site Scripting (XSS) attack called "basic XSS." An attacker can exploit this vulnerability using the SAML and Security Fabric components to execute unauthorized code or commands, posing a significant security risk. Fortinet strongly advises users to upgrade to a patched version as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

FortiOS

Affected Vendors

Fortinet

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rwPZdL
https://www.cve.org/CVERecord?id=CVE-2023-36555
https://nvd.nist.gov/vuln/detail/CVE-2023-36555

Back to Vulnerability Database