CVE-2017-7335 in FortiWLC

Summary

by MITRE

A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests.


Analysis

by VulDB Data Team • 01/20/2021

The CVE-2017-7335 vulnerability represents a critical cross-site scripting flaw discovered in Fortinet FortiWLC wireless LAN controller software across multiple version lines including 6.1.x, 7.0.x, and 8.x releases. This vulnerability specifically affects the web-based management interface of the FortiWLC device, creating a pathway for authenticated attackers to execute malicious scripts within the context of the victim's browser session. The flaw manifests through improper input validation of two specific parameters named "refresh" and "branchtotable" which are processed in HTTP POST requests sent to the device's web management interface. The vulnerability classification aligns with CWE-79 which describes cross-site scripting vulnerabilities where web applications fail to properly sanitize user-supplied data before incorporating it into dynamic web content.

The technical exploitation of this vulnerability requires an attacker to possess valid authentication credentials for the FortiWLC device, as the flaw only affects authenticated users. Once authenticated, the attacker can craft malicious HTTP POST requests containing specially crafted payloads within the "refresh" and "branchtotable" parameters. These parameters are processed by the web server without adequate sanitization or output encoding, allowing malicious JavaScript code to be executed in the browser context of any user who views the affected pages. The vulnerability essentially creates a persistent XSS vector where the injected scripts can execute with the privileges of the authenticated user, potentially leading to session hijacking, data theft, or further exploitation of the network infrastructure. This type of vulnerability falls under the ATT&CK technique T1059.007 for Command and Scripting Interpreter: JavaScript, and T1566 for Phishing, as it enables attackers to deliver malicious payloads through web interfaces.

The operational impact of this vulnerability extends beyond simple script execution as it can compromise the entire wireless network management infrastructure. An authenticated attacker with knowledge of this vulnerability can manipulate the web interface to redirect users to malicious sites, steal administrative sessions, or inject malicious code that persists across user sessions. The affected versions span multiple major releases, indicating a widespread issue that could potentially impact organizations with legacy FortiWLC deployments. Organizations using these vulnerable versions face risks including unauthorized access to wireless network configurations, potential data exfiltration through stolen session cookies, and the possibility of attackers using the compromised interface as a foothold for further network exploration. The vulnerability essentially undermines the integrity of the web-based management interface, which is critical for maintaining secure wireless network operations. Security professionals should note that this vulnerability represents a significant risk to enterprise wireless infrastructure security and requires immediate attention through patching or implementing compensating controls. The affected parameter names and the specific version ranges indicate that this is not a random flaw but rather a systematic issue in how the FortiWLC web interface processes certain user inputs, making it particularly concerning for organizations relying on Fortinet's wireless security solutions.
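
One compensating control while patches are pending is to inspect POST bodies sent to the management interface, at a reverse proxy or in captured traffic, for markup in the two affected parameters. The following is an added example, not code from MITRE, VulDB or Fortinet: only the parameter names come from the CVE description, while the sample bodies, the field values and the rule that legitimate values never contain markup characters are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Parameter names are taken from the CVE description.
WATCHED_PARAMS = {"refresh", "branchtotable"}
# Assumption: legitimate values for these fields never need quotes, angle
# brackets, backticks, javascript: URLs or inline event-handler attributes.
SUSPICIOUS = re.compile(r"[<>\"'`]|javascript:|\bon\w+\s*=", re.IGNORECASE)
MAX_DECODE_ROUNDS = 3  # unwrap double or triple URL-encoding


def fully_decode(value: str) -> str:
    """URL-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_post_body(body: str) -> list:
    """Return (param, decoded_value) for each watched param carrying markup."""
    hits = []
    # parse_qsl performs the first round of URL-decoding itself.
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name.lower() not in WATCHED_PARAMS:
            continue
        decoded = fully_decode(value)
        if SUSPICIOUS.search(decoded):
            hits.append((name, decoded))
    return hits


# Constructed sample bodies (not captured from a real FortiWLC device).
SAMPLE_BODIES = [
    "refresh=30&branchtotable=stations",
    "refresh=30%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E&branchtotable=stations",
    "refresh=30&branchtotable=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E",
    "comment=%3Cb%3Ehi%3C%2Fb%3E&refresh=10",
]

if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        print(flag_post_body(body) or "clean", "<-", body)
```

A filter like this reduces exposure and gives detection coverage; it does not replace upgrading to a fixed FortiWLC release, because the missing output encoding remains in the application.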

Reservation: 03/30/2017

Disclosure: 10/26/2017

Moderation: accepted

CPE: ready

EPSS: 0.00253

KEV: no

Activities: very low
