Open Redirect in Malicious Generated PDF Document on FortiAnalyzer and FortiManager
Summary
An open redirect vulnerability exists in FortiAnalyzer and FortiManager when a user of the GUI is converting an HTML table to a PDF document via the FortiView feature, due to lack of user input sanitization.
An attacker may be able to social engineer a user of the FortiAnalyzer/FortiManager GUI into generating a PDF file containing malicious URLs.
Affected Products
FortiAnalyzer 6.0.0 and below.
FortiManager 6.0.0 and below, when the FortiView feature is enabled.
Solutions
FortiAnalyzer: upgrade to 6.0.1 or above. FortiManager: upgrade to 6.0.1 or above. Since both FortiAnalyzer and FortiManager already have tokens to block Cross-site Request Forgery (CSRF) attacks, the risk of successful exploitation of this vulnerability is low, and mostly relies on social engineering.
Acknowledgement
Fortinet is pleased to thank Donato Onofri, Luca Napolitano and Francesca Perrone of Business Integration Partners S.p.A. for reporting this vulnerability under responsible disclosure.
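As an added example (not Fortinet's code, and not how the fixed releases implement it), one way to supply the missing input sanitization before an HTML table is rendered to PDF: every link in the fragment is checked against an allowlist of schemes and hosts, and links that fail are neutralized while the cell text is kept. The allowed host and the sample table are constructed assumptions.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy: only http(s) links to the appliance itself may survive in the PDF.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"fortianalyzer.example.internal"}  # placeholder host, an assumption


def href_is_allowed(href: str) -> bool:
    """True only for absolute http(s) URLs whose host is on the allowlist."""
    parts = urlsplit(href.strip())
    return parts.scheme.lower() in ALLOWED_SCHEMES and parts.hostname in ALLOWED_HOSTS


class LinkSanitizer(HTMLParser):
    """Re-emits the fragment, dropping any href attribute that fails the allowlist."""

    def __init__(self):
        super().__init__(convert_charrefs=False)  # keep entities as written
        self.out = []
        self.dropped = 0

    def handle_starttag(self, tag, attrs):
        kept = []
        for name, value in attrs:
            if name.lower() == "href" and not href_is_allowed(value or ""):
                self.dropped += 1  # link removed, visible text is preserved
                continue
            kept.append((name, value))
        attr_text = "".join(f' {n}="{html.escape(v or "", quote=True)}"' for n, v in kept)
        self.out.append(f"<{tag}{attr_text}>")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")


def sanitize_table_html(fragment: str):
    """Return (sanitized_html, number_of_links_removed)."""
    p = LinkSanitizer()
    p.feed(fragment)
    p.close()
    return "".join(p.out), p.dropped


# Constructed sample: one legitimate link, one external redirect, one non-http scheme.
SAMPLE = ('<table><tr><td><a href="https://fortianalyzer.example.internal/report">ok</a></td>'
          '<td><a href="https://evil.example/phish">Logs &amp; reports</a></td>'
          '<td><a href="javascript:alert(1)">x</a></td></tr></table>')
```

Run `sanitize_table_html(SAMPLE)` to see the two disallowed links stripped and the entity left untouched.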