Multiple vulnerabilities in Fortinet FortiManager and FortiAnalyzer

Published: 2018-06-29

Risk	Low
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2018-1354 CVE-2018-1355
CWE-ID	CWE-284 CWE-601
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	FortiAnalyzer Server applications / IDS/IPS systems, Firewalls and proxy servers FortiManager Server applications / IDS/IPS systems, Firewalls and proxy servers
Vendor	Fortinet, Inc

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper access control

EUVDB-ID: #VU13513

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1354

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions that allows a regular user edit the avatar picture of other users with arbitrary content.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FortiAnalyzer: 5.0.0 - 6.0.0

FortiManager: 5.0.0 - 6.0.0

External links

http://fortiguard.com/psirt/FG-IR-18-014

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Open redirect

EUVDB-ID: #VU13525

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1355

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')