Open Redirect in Maliciously Generated PDF Document on FortiAnalyzer
Summary
An open redirect vulnerability exists in FortiAnalyzer and FortiManager when a GUI user converts an HTML table to a PDF document via the FortiView feature. The table contents are not sanitized before conversion, so values under an attacker's control can end up in the generated document as live links.
An attacker may be able to social engineer a user of the FortiAnalyzer/FortiManager GUI into generating a PDF file containing malicious URLs, which the user or anyone the PDF is shared with may then follow.
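The pattern behind this class of bug, and one way to close it, as an added example that is not Fortinet's code and does not reproduce the FortiView implementation: an HTML table is assembled from logged values and handed to an HTML-to-PDF converter. If a logged value is concatenated in raw, an attacker-supplied anchor survives into the PDF as a clickable link. The hardened builder escapes every text cell and only emits an anchor when the URL passes an allowlist of schemes and hosts. The host name, field layout and sample rows are constructed assumptions for illustration.

```python
"""
Added example (not Fortinet code): untrusted values pasted into an HTML
table that is later rendered to PDF become clickable attacker URLs, and an
allowlist-based sanitizer prevents it.  Hosts, fields and rows are assumed.
"""
import html
from urllib.parse import urlsplit

# Assumed origin the generated report may legitimately link back to.
ALLOWED_HOSTS = {"fortianalyzer.example.internal"}

# Constructed sample rows: (source host, event text, link).  The second
# row's event text is attacker-controlled, e.g. a device name that was logged.
ROWS = [
    ("10.0.0.5", "Policy update applied",
     "https://fortianalyzer.example.internal/logview/1"),
    ("10.0.0.9",
     '<a href="http://evil.example/phish">Session expired, re-authenticate</a>',
     "http://evil.example/phish"),
]


def build_table_unsafe(rows):
    """Vulnerable pattern: raw values concatenated into HTML.  Any <a href>
    inside a value, and any link value, reaches the PDF as a live link."""
    out = ["<table>"]
    for host, text, link in rows:
        out.append(f'<tr><td>{host}</td><td>{text}</td>'
                   f'<td><a href="{link}">details</a></td></tr>')
    out.append("</table>")
    return "\n".join(out)


def is_safe_link(url, allowed_hosts=ALLOWED_HOSTS):
    """Allowlist check: absolute http(s) URL whose host is one we control."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return False  # rejects javascript:, data:, and scheme-relative //host
    host = parts.hostname  # "trusted@evil.example" resolves to evil.example here
    return host is not None and host.lower() in allowed_hosts


def build_table_safe(rows):
    """Hardened pattern: text cells are HTML-escaped so attacker markup is
    inert, and a link cell becomes an anchor only if the URL passes the
    allowlist; otherwise the URL is shown as escaped text, not linked."""
    out = ["<table>"]
    for host, text, link in rows:
        if is_safe_link(link):
            link_cell = f'<a href="{html.escape(link)}">details</a>'
        else:
            link_cell = html.escape(link)
        out.append(f"<tr><td>{html.escape(host)}</td>"
                   f"<td>{html.escape(text)}</td><td>{link_cell}</td></tr>")
    out.append("</table>")
    return "\n".join(out)


if __name__ == "__main__":
    print("--- unsafe table (attacker link survives) ---")
    print(build_table_unsafe(ROWS))
    print("--- safe table (attacker link neutralised) ---")
    print(build_table_safe(ROWS))
```

The allowlist is deliberately strict: relative and scheme-relative URLs are rejected along with non-http(s) schemes, and the host is taken from the parsed URL so a userinfo prefix cannot spoof a trusted name. If the report must carry links to arbitrary external hosts, the remaining defence is to render them as plain text rather than anchors, as the hardened builder does.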
Affected Products
FortiAnalyzer 6.0.0 and below.
FortiManager 6.0.0 and below, when the FortiView feature is enabled.
Solutions
FortiAnalyzer: upgrade to 6.0.1 or above.
FortiManager: upgrade to 6.0.1 or above.
Because both FortiAnalyzer and FortiManager already use anti-Cross-site Request Forgery (CSRF) tokens, an attacker cannot trigger the PDF generation on a victim's behalf from another site; exploitation therefore relies mostly on social engineering, and the risk of successful exploitation is rated low.