Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote host is running a version of FortiOS prior to 6.0.7 or 6.2.x prior to 6.2.2.
It is, therefore, affected by multiple vulnerabilities:
- A Cross-Site Scripting (XSS) vulnerability in the FortiGate DHCP monitor page allows an unauthenticated attacker in the same network as the FortiGate to perform a Stored Cross-Site Scripting attack. (CVE-2019-6697)
- A Denial of Service vulnerability exists in the SSL VPN portal of FortiOS that allows an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request.
Solution
Upgrade to Fortinet FortiOS version 6.0.7, 6.2.2 or later.