FortiOS - Host header injection vulnerability

Summary

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted "Host" header or to execute JavaScript code in the victim's browser context.

This happens when the FortiGate has web filtering and category override enabled/configured.

Affected Products

FortiOS version 6.4.1 and below.

FortiOS version 6.2.9 and below.

Solutions

Please upgrade to FortiOS version 6.4.2 or above.

Please upgrade to FortiOS version 6.2.10 or above.

Acknowledgement

Fortinet is pleased to thank Justin McCarthy for reporting this issue under responsible disclosure.