SSL VPN web portal Host Header Redirection Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-19-002 Final 1 1 2020-01-03T00:00:00 Current version 2020-01-03T00:00:00 2020-01-03T00:00:00 A Host Header Redirection vulnerability exists in FortiOS SSL-VPN web portal: when an attacker submits specially crafted HTTP requests, the SSL-VPN web portal may respond with a redirection to websites specified by the attacker.If a web proxy's cache is poisoned with the aforementioned redirection, users of this web proxy may be directed to the attacker's specified websites when trying to access the SSL-VPN web portal. Improper access control FortiOS 5.4.0 to 6.0.4, 5.2.14 and below. Upgrade to FortiOS 5.2.15, 6.0.5 or 6.2.0Workarounds:The risk is low as the attack needs to be combined with other attacks to have an impact.As a measure of precaution, administrators may want to disable the SSL-VPN web portal service by applying the following CLI commands:config vpn ssl settingsunset source-interfaceendRevision History:2019-05-17 Initial version2020-01-03 New fix on 5.2.15 released. Fortinet is pleased to thank Julio Sanchez from SecureAuth Corporation for reporting this vulnerability under responsible disclosure. CVE-2018-13384 3.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-19-002 SSL VPN web portal Host Header Redirection Reference>