Open redirect in FortiOS - CVE-2019-6696


Published: March 16, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34740
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-6696
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Fortinet, Inc
Affected software:
FortiOS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, and 6.0.8 and below down to 5.4.0, in the admin webUI, may allow an attacker to perform a URL redirect attack via a specifically crafted request to the admin initial password change webpage.
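The weakness class here (CWE-601) is a redirect target taken from the request and not validated against the application's own origin. The following is an added illustration written for this page, not FortiOS code and not taken from the vendor advisory: a redirect-target check that rejects absolute, protocol-relative, backslash and percent-encoded variants of an external destination, and a small scan over constructed web-server log lines that flags requests whose redirect parameter would have left the site. The hostnames (`fw.example.com`, `sso.example.com`, `evil.example`), the parameter names and the log format are all constructed for the example.

```python
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical hostnames, constructed for this example (not real infrastructure).
APP_HOST = "fw.example.com"
ALLOWED_HOSTS = frozenset({"fw.example.com", "sso.example.com"})
DEFAULT_TARGET = "/"

# Query parameter names commonly used to carry a post-login destination (assumed, for the log scan).
REDIRECT_PARAMS = ("redir", "redirect", "next", "url")


def is_safe_redirect(target: str, current_host: str = APP_HOST,
                     allowed_hosts: frozenset = ALLOWED_HOSTS) -> bool:
    """Return True only if `target` is a path on this application or an allowed host.

    Rejects: empty values, control/whitespace characters, non-http(s) schemes,
    absolute URLs to other hosts, protocol-relative ("//host") targets, and the
    backslash ("/\\host") and percent-encoded ("%2F%2Fhost") spellings of them.
    """
    if not target:
        return False
    # Decode once so encoded separators cannot slip past the structural checks.
    decoded = unquote(target)
    if any(ord(c) < 0x20 or c.isspace() for c in decoded):
        return False
    # Browsers treat "\" like "/" in URLs, so normalise before parsing.
    normalised = decoded.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, etc.
    if parts.netloc:
        # hostname strips any userinfo ("trusted@evil") and port before comparing.
        host = (parts.hostname or "").lower()
        return host in {h.lower() for h in allowed_hosts} | {current_host.lower()}
    # No authority component: accept only a single-slash path-absolute target.
    return normalised.startswith("/") and not normalised.startswith("//")


def safe_redirect_target(target: str) -> str:
    """Return `target` if it passes the check, otherwise the default landing page."""
    return target if is_safe_redirect(target) else DEFAULT_TARGET


# Constructed access-log lines: "<timestamp> <client> <method> <path> <status>".
LOG_LINES = [
    "2020-03-16T10:00:01Z 203.0.113.5 GET /login?redir=%2Fdashboard 302",
    "2020-03-16T10:00:02Z 203.0.113.9 GET /login?redir=https%3A%2F%2Fevil.example%2Fphish 302",
    "2020-03-16T10:00:03Z 203.0.113.9 GET /login?next=%2F%5Cevil.example 302",
    "2020-03-16T10:00:04Z 198.51.100.7 GET /status 200",
]


def flag_external_redirects(lines):
    """Return (client, param, decoded_value) for each request whose redirect parameter
    would have sent the user off-site under the check above."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line; skip rather than guess
        client, path = fields[1], fields[3]
        query = urlsplit(path).query
        for name, values in parse_qs(query, keep_blank_values=True).items():
            if name.lower() not in REDIRECT_PARAMS:
                continue
            for value in values:  # parse_qs already percent-decodes the value
                if not is_safe_redirect(value):
                    hits.append((client, name, value))
    return hits


if __name__ == "__main__":
    for client, name, value in flag_external_redirects(LOG_LINES):
        print(f"off-site redirect attempt from {client}: {name}={value!r}")
```

The check deliberately compares the parsed `hostname` rather than the raw `netloc`, so userinfo and port tricks such as `https://fw.example.com@evil.example/` are judged by the host the browser would actually connect to; applications that only ever redirect within their own origin can drop `allowed_hosts` entirely and accept only path-absolute targets.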


How to mitigate CVE-2019-6696

Install update from vendor's website.

Sources