FortiOS URL redirection attack via the admin password change page
Summary
An improper input validation vulnerability in the FortiOS admin webUI may allow an attacker to perform a URL redirect attack via a specifically crafted request to the admin initial password change webpage.
An attacker could potentially redirect unsuspecting admin users to a malicious website if they click a specifically crafted URL, supplied by the attacker, that points to the FortiOS webUI initial admin password change page.
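The advisory describes the vulnerability class, an open redirect caused by trusting a caller-supplied destination, without publishing the affected parameter or the FortiOS code. The following is an added illustration of that class and its fix, written for this page; it is not Fortinet's code and does not reproduce the FortiOS webUI logic. The parameter name `next`, the origin `https://fortigate.example`, and the sample inputs are constructed assumptions.

```python
from urllib.parse import urlsplit, urljoin

# Constructed assumption: the origin the admin webUI itself is served from
SELF_ORIGIN = "https://fortigate.example"


def vulnerable_redirect_target(next_param: str) -> str:
    """The weak pattern: the caller-supplied destination is used as-is,
    so a crafted link can send the admin anywhere after the page loads."""
    return next_param


def safe_redirect_target(next_param: str, fallback: str = "/") -> str:
    """Hardened form: only accept a path on this origin, else use the fallback.

    Everything that could leave the origin is rejected rather than sanitised:
    absolute URLs, protocol-relative URLs, backslash tricks, and header-splitting
    control characters.
    """
    if not next_param or len(next_param) > 2048:
        return fallback
    # CR/LF/NUL and other control characters could split the Location header
    # or be stripped by browsers in ways the server does not anticipate
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in next_param):
        return fallback
    # Browsers treat "\" like "/" in URLs, so "/\evil.example" resolves off-site
    if "\\" in next_param:
        return fallback
    parts = urlsplit(next_param)
    # Any scheme (https:, javascript:, data:) or authority (//host) is off-site
    if parts.scheme or parts.netloc:
        return fallback
    path = parts.path
    # Require a single leading "/" so the browser stays on the current host
    if not path.startswith("/") or path.startswith("//"):
        return fallback
    # Rebuild from the validated components; the fragment is intentionally dropped
    rebuilt = path
    if parts.query:
        rebuilt += "?" + parts.query
    return rebuilt


def build_location_header(next_param: str) -> str:
    """Value for the Location header: an absolute URL pinned to SELF_ORIGIN."""
    return urljoin(SELF_ORIGIN, safe_redirect_target(next_param))


if __name__ == "__main__":
    # Constructed sample inputs an admin login flow might receive
    for candidate in ["/admin/dashboard", "https://evil.example/", "//evil.example/login",
                      "/\\evil.example", "javascript:alert(1)", "/admin\r\nSet-Cookie: a=b"]:
        print(repr(candidate), "->", build_location_header(candidate))
```

The hardened function rejects rather than rewrites suspicious input and pins the final `Location` value to the appliance's own origin, so even a bypass of one check cannot produce an off-site destination without also defeating `urljoin` against a fixed base.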
Affected Products
FortiOS 6.2.1, 6.2.0, and 6.0.8 and below, down to 5.4.0 (versions lower than 5.4.0 are not impacted)
Solutions
Upgrade to FortiOS 6.2.2 or 6.0.9 or above
Acknowledgement
Fortinet is pleased to thank "Independent research team Denis Kolegov, Maxim Gorbunov, Nikita Oleksov and Anton Nikolaev" for reporting this vulnerability under responsible disclosure.