{"containers": {"cna": {"affected": [{"product": "Fortinet FortiOS", "vendor": "Fortinet, Inc.", "versions": [{"status": "affected", "version": "FortiOS versions 5.2.0 through 5.2.11, and 5.4.0 through 5.4.4"}]}], "datePublic": "2017-09-11T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the \"Groups\" input while creating or editing User Groups."}], "problemTypes": [{"descriptions": [{"description": "Execute unauthorized code or commands", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-12T09:57:01.000Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"name": "1038705", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038705"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://fortiguard.com/advisory/FG-IR-17-127"}, {"name": "99098", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99098"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "DATE_PUBLIC": "2017-09-11T00:00:00", "ID": "CVE-2017-7735", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fortinet FortiOS", "version": {"version_data": [{"version_value": "FortiOS versions 5.2.0 through 5.2.11, and 5.4.0 through 5.4.4"}]}}]}, "vendor_name": "Fortinet, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the \"Groups\" input while creating or editing User Groups."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Execute unauthorized code or commands"}]}]}, "references": {"reference_data": [{"name": "1038705", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038705"}, {"name": "https://fortiguard.com/advisory/FG-IR-17-127", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-17-127"}, {"name": "99098", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99098"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:12:28.403Z"}, "title": "CVE Program Container", "references": [{"name": "1038705", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038705"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fortiguard.com/advisory/FG-IR-17-127"}, {"name": "99098", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99098"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-23T14:00:37.266792Z", "id": "CVE-2017-7735", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:11:52.628Z"}}]}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2017-7735", "datePublished": "2017-09-12T02:00:00.000Z", "dateReserved": "2017-04-12T00:00:00.000Z", "dateUpdated": "2024-10-25T14:11:52.628Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.securitytracker.com/id/1038705", "name": "1038705", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "https://fortiguard.com/advisory/FG-IR-17-127", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/99098", "name": "99098", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:12:28.403Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2017-7735", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-23T14:00:37.266792Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:01:49.170Z"}}], "cna": {"affected": [{"vendor": "Fortinet, Inc.", "product": "Fortinet FortiOS", "versions": [{"status": "affected", "version": "FortiOS versions 5.2.0 through 5.2.11, and 5.4.0 through 5.4.4"}]}], "datePublic": "2017-09-11T00:00:00.000Z", "references": [{"url": "http://www.securitytracker.com/id/1038705", "name": "1038705", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "https://fortiguard.com/advisory/FG-IR-17-127", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.securityfocus.com/bid/99098", "name": "99098", "tags": ["vdb-entry", "x_refsource_BID"]}], "descriptions": [{"lang": "en", "value": "A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the \"Groups\" input while creating or editing User Groups."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2017-09-12T09:57:01.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "FortiOS versions 5.2.0 through 5.2.11, and 5.4.0 through 5.4.4"}]}, "product_name": "Fortinet FortiOS"}]}, "vendor_name": "Fortinet, Inc."}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securitytracker.com/id/1038705", "name": "1038705", "refsource": "SECTRACK"}, {"url": "https://fortiguard.com/advisory/FG-IR-17-127", "name": "https://fortiguard.com/advisory/FG-IR-17-127", "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/99098", "name": "99098", "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the \"Groups\" input while creating or editing User Groups."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Execute unauthorized code or commands"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-7735", "STATE": "PUBLIC", "ASSIGNER": "psirt@fortinet.com", "DATE_PUBLIC": "2017-09-11T00:00:00"}}}}, "cveMetadata": {"cveId": "CVE-2017-7735", "state": "PUBLISHED", "dateUpdated": "2024-10-25T14:11:52.628Z", "dateReserved": "2017-04-12T00:00:00.000Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2017-09-12T02:00:00.000Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E627C59-7C16-44F0-800D-A2E8A766B26D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "233236FA-BB13-4261-BE2E-3E617406DC53", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "27844CC9-498B-4A65-91AC-AC130222EE5F", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "27B4C672-7ED5-4113-87AE-5774D1263C0B", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "2CBEA3AA-AE46-4A55-91EE-9ADC187BF614", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "05CB7A90-91BC-49AF-9B5C-EBD212484C64", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "864D3221-177B-43CE-BD7D-CB14A110268E", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "31C186D6-6AC5-49EB-A701-C91358B4A25F", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "DAC9F6C4-F887-4F25-87BD-383F6CF39806", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "F8558962-7A19-4F4A-BED0-9CB5D4CFC422", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "EC63D521-EC88-4B13-BC73-3284F3FCF3A4", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "DB756AF8-F9D2-472E-867B-C04D11F62FA5", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "1668AE14-D9A4-4B7D-BC3F-75885792875A", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E0F3B9B-A06F-4A96-B2E7-9DC56E629182", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "50F8AE97-A647-4A37-8EF2-BC0BBCC8EADD", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "377A2F0B-2A58-4C2C-B546-3178B353484B", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "20EBDFD4-45A0-47CC-817E-48E84F945402", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the \"Groups\" input while creating or editing User Groups."}, {"lang": "es", "value": "Una vulnerabilidad de tipo Cross-Site Scripting en Fortinet FortiOS desde la versi\u00f3n 5.2.0 hasta la 5.2.11 y 5.4.0 hasta la 5.4.4 permite que atacantes remotos ejecuten c\u00f3digo o comandos sin autorizaci\u00f3n mediante la entrada \"Groups\" al crear o editar grupos de usuarios."}], "id": "CVE-2017-7735", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-12T02:29:00.420", "references": [{"source": "psirt@fortinet.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99098"}, {"source": "psirt@fortinet.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038705"}, {"source": "psirt@fortinet.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://fortiguard.com/advisory/FG-IR-17-127"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99098"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038705"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://fortiguard.com/advisory/FG-IR-17-127"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}