CVE-2024-26006 is a cross-site scripting vulnerability in SSL-VPN web UI

Threat ID:CC-4522

Threat Severity:Medium

Published:10 July 2024 2:33 PM

Summary

Affected platforms

The following platforms are known to be affected:

Fortinet FortiOS

7.4.0 to 7.4.3
7.2.0 to 7.2.7
7.0.0 to 7.0.13

Fortinet FortiProxy

7.4.0 to 7.4.3
7.2.0 to 7.2.9
7.0.0 to 7.0.16

Threat details

Introduction

Fortinet has released a security update to address a medium severity vulnerability in the FortiOS and FortiProxy web secure sockets layer (SSL) virtual private network (VPN) user interface (UI).

CVE-2024-26006 is an 'improper neutralisation of input during web page generation' vulnerability with a CVSSv3 score of 6.9. A remote attacker could perform a cross-site scripting (XSS) attack after luring a user into bookmarking a malicious Samba server and then opening the bookmark. A successful XSS attack could allow the attacker the ability to execute unauthorised code or commands.

SSL-VPN vulnerabilities

VPN appliances are often internet-facing by design and frequent targets for exploitation by cyber threat groups. Previous Fortinet SSL-VPN vulnerabilities have been exploited in the wild within days of official disclosure.

Remediation advice

Affected organisations are encouraged to review Fortinet PSIRT Advisory FG-IR-23-485 and apply security updates as soon as practicable.

NOTE: Fortinet recommends using their Upgrade Path Tool to see the recommended upgrade path for a particular Fortinet product.

Definitive source of threat updates

https://www.fortiguard.com/psirt/FG-IR-23-485

CVE Vulnerabilities

StatusReserved

CVE-2024-26006

Last edited: 10 July 2024 2:40 pm