Open Redirect in Maliciously Generated PDF Document on FortiAnalyzer and FortiManager
An open redirect vulnerability exists in FortiAnalyzer and FortiManager when a GUI user converts an HTML table to a PDF document via the FortiView feature, due to a lack of user input sanitization.
An attacker may be able to social engineer a user of the FortiAnalyzer/FortiManager GUI into generating a PDF file containing malicious URLs.
FortiAnalyzer 6.0.0, 5.6.5 and below.
FortiManager 6.0.0, 5.6.5 and below, when the FortiView feature is enabled.
FortiAnalyzer: upgrade to 5.6.6, 6.0.1 or above.
FortiManager: upgrade to 5.6.6, 6.0.1 or above.
Since both FortiAnalyzer and FortiManager already have tokens to block Cross-site Request Forgery (CSRF) attacks, the risk of successful exploitation of this vulnerability is low, and mostly relies on social engineering.
06-22-2018 Initial Version.
09-26-2018 New 5.6 branch fix added.
Fortinet is pleased to thank Donato Onofri, Luca Napolitano and Francesca Perrone of Business Integration Partners S.p.A. for reporting this vulnerability under responsible disclosure.