FortiOS reflected XSS in the SSL VPN web portal error page parameters

Summary

Failure to sanitize input in the SSL VPN web portal may allow an attacker to perform a reflected Cross-site Scripting (XSS) attack via multiple parameters of the error page HTTP request.

Affected Products

CVE-2019-5586
FortiOS 6.0.0 to 6.0.4
FortiOS 5.2.0 to 5.6.10
CVE-2019-5588
FortiOS 6.0.0 to 6.0.4

Solutions

Upgrade to FortiOS 5.6.11, 6.0.5 or 6.2.0 Workarounds: Disable the SSL-VPN web portal service by applying the following CLI commands: config vpn ssl settings unset source-interface end Revision History: 05-24-2019 Initial version 08-21-2019 Add 5.6 branch fixing for CVE-2019-5586

Acknowledgement

Fortinet is pleased to thank Aaron Hall from Verizon Media Group (Oath) for reporting CVE-2019-5586  and Nathan HARDY Cybersecurity Engineer/Consultant at Sogeti Luxembourg for reporting CVE-2019-5588 under responsible disclosures.