About to head to bed but figured I would pass this little tidbit on. Fortinet devices (FortiAnalyzer and FortiManager) are affected by PSIRT ID: 1624489. This information is thanks to Mr. Nifty on the Fortinet Reddit.
The information he was able to pull from Fortinet is as follows:
Only affects FAZ and FMG systems. Patched in 5.0.12, 5.2.6 and 5.4.1 (still not released). No work-arounds. Medium threat level (3.7), client-side XSS vulnerability in their CSS code.
Public disclosure has not happened because they are still confirming affected code, working on releasing the latest 5.4.1, and apparently it may overlap with other PSIRT cases. So Fortinet is still researching it, basically.
So, if you wanted to be nervous about your Fortinet hardware right before heading to bed then go ahead. I’m probably about to drink a beer and pass out myself.