IR Number FG-IR-17-014
Date Apr 26, 2017
Severity light-circle-logo light-circle-logo light-circle-logo light-circle-logo light-circle-logo Low
Impact Open redirect
CVE ID CVE-2017-3126
CVRF Download

PSIRT Advisories

FortiAnalyzer, FortiManager Open Redirect Vulnerability

Summary

The FortiAnalyzer and FortiManager WebUI accept a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Affected Products

  • FortiAnalyzer versions 5.4.0 to 5.4.2, 
  • FortiManager versions 5.4.0 to 5.4.2.


Preceding versions of FortiAnalyzer and FortiManager are not impacted

Solutions

For FortiAnalyzer:

  • Upgrade to version 5.4.3


For FortiManager:

  • Upgrade to version 5.4.3

Acknowledgement

Fortinet is pleased to thank

  • Ronan Dunne of Biocompatibles UK Ltd, and
  • Babar Khan Akhunzada of SecurityWall.co & Khyber Pakhtunkhwa Govt Data Center
for reporting this vulnerability under responsible disclosure.