PSIRT Advisory

FortiOS URL redirection attack via the admin password change page

Summary

An improper input validation vulnerability in FortiOS admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage.


An attacker could potentially redirect unsuspecting admin users to a malicious website, should they click on a specifically crafted URL provided by the attacker and pointing to the FortiOS webUI admin password initial change page.

Impact

Execute unauthorized code or commands

Affected Products

FortiOS 6.2.1, 6.2.0, 6.0.8 and below versions until 5.4.0.

(versions lower than 5.4.0 are not impacted)

Solutions

Upgrade to FortiOS 6.2.2 or 6.0.9 or above

Acknowledgement

Fortinet is pleased to thank "Independent research team Denis Kolegov, Maxim Gorbunov, Nikita Oleksov and Anton Nikolaev" for reporting this vulnerability under responsible disclosure.