Open Redirect Vulnerability in Fortinet FortiManager and FortiAnalyzer Products
CVE-2018-1355

6.1MEDIUM

Key Information:

Vendor
Fortinet
Status
Fortinet Fortimanager, Fortianalyzer
Vendor
CVE Published:
27 June 2018

Summary

An open redirect vulnerability exists in Fortinet's FortiManager (versions 6.0.0, 5.6.5 and below) and FortiAnalyzer (versions 6.0.0, 5.6.5 and below). This flaw permits attackers to inject malicious script code while converting an HTML table to a PDF document via the FortiView feature. By exploiting this vulnerability, an attacker could potentially trick an authenticated user into generating a PDF that contains harmful URLs, leading to further security incidents.

Affected Version(s)

Fortinet FortiManager, FortiAnalyzer FortiManager 6.0.0, 5.6.5 and below versions

Fortinet FortiManager, FortiAnalyzer FortiAnalyzer 6.0.0, 5.6.5 and below versions

References

http://www.securityfocus.com/bid/104546
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041185
vdb-entryx_refsource_SECTRACK
https://fortiguard.com/advisory/FG-IR-18-022
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.