Update Fortinet reserved CVE-2017-17541.

2025-06-12 02:05:39 +00:00 · 2018-07-16 11:22:50 -07:00 · 2018-07-16 11:22:50 -07:00 · fd88f106c5
commit fd88f106c5
parent 141499895d
1 changed files with 54 additions and 12 deletions
--- a/2017/17xxx/CVE-2017-17541.json
+++ b/2017/17xxx/CVE-2017-17541.json
@ -1,18 +1,60 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2017-17541",
-      "STATE" : "RESERVED"
+   "CVE_data_meta": {
+      "ASSIGNER": "psirt@fortinet.com",
+      "ID": "CVE-2017-17541",
+      "STATE": "PUBLIC"
   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
+   "affects": {
+      "vendor": {
+         "vendor_data": [
+            {
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "Fortinet FortiManager, FortiAnalyzer",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "version_value": "FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "Fortinet"
+            }
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "lang": "eng",
+            "value": " A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature."
+         }
+      ]
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "Execute unauthorized code or commands"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "url": "https://fortiguard.com/advisory/FG-IR-17-305"
         }
      ]
   }
-}
+}