FortiOS open redirect vulnerability
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-16-004
Final
1
1
2016-03-16T00:00:00
Current version
2016-03-16T00:00:00
2016-03-16T00:00:00
The FortiOS webui accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. The redirect input parameter is also prone to cross-site scripting.
Open redirect
FortiOS
Upgrade to one of the following FortiOS versions:
5.0 branch: 5.0.13 or above
5.2 branch: 5.2.3 or above
5.4 branch: 5.4.0 or above
4.3 and lower branches are not affected by this vulnerability.
https://fortiguard.fortinet.com/psirt/FG-IR-16-004
https://cwe.mitre.org/data/definitions/601.html
Fortinet is pleased to thank Javier Nieto from www.behindthefirewalls.com for reporting a FortiOS vulnerability under responsible disclosure.