Main Vulnerability Database Vulnerabilities #VU6779

#VU6779 Open redirect in FortiAnalyzer and FortiManager - CVE-2017-3126

Published: May 26, 2017 / Updated: June 16, 2017

Vulnerability identifier: #VU6779

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-3126

CWE-ID: CWE-601

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiAnalyzer
FortiManager

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote attacker to redirect website visitors to external websites.

The weakness exists due to incorrect validation of redirected URL. A remote attacker can create a specially crafted link and redirect the victim on potentially dangerous website.

Successful exploitation of the vulnerability may allow an attacker to perform phishing attack.

Remediation

Update to version 5.4.3.

External links

http://fortiguard.com/psirt/FG-IR-17-014