At a glance:
| IR Number | FG-IR-17-014 |
| Date | Apr 26, 2017 |
| Risk |
|
| Impact | Open redirect |
| CVE ID | CVE-2017-3126 |
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiAnalyzer, FortiManager Open Redirect Vulnerability
Summary
The FortiAnalyzer and FortiManager WebUI accept a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Affected Products
- FortiAnalyzer versions 5.4.0 to 5.4.2,
- FortiManager versions 5.4.0 to 5.4.2.
Preceding versions of FortiAnalyzer and FortiManager are not impacted
Solutions
For FortiAnalyzer:
- Upgrade to version 5.4.3
For FortiManager:
- Upgrade to version 5.4.3
Acknowledgement
Fortinet is pleased to thank
- Ronan Dunne of Biocompatibles UK Ltd, and
- Babar Khan Akhunzada of SecurityWall.co & Khyber Pakhtunkhwa Govt Data Center