CVE-2018-1355

Published: Jun 27, 2018Modified: Nov 21, 2024

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs.

Affected (4)

Products: Fortinet: Fortianalyzer, Fortimanager

2 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortianalyzer	Up to 5.6.5
Fortinet Fortianalyzer	Version 6.0.0
Fortinet Fortimanager	Up to 5.6.5
Fortinet Fortimanager	Version 6.0.0

Related CWEs

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (8)

http://www.securityfocus.com/bid/104546

Source: psirt@fortinet.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041184

Source: psirt@fortinet.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041185

Source: psirt@fortinet.com

Third Party AdvisoryVDB Entry

https://fortiguard.com/advisory/FG-IR-18-022

Source: psirt@fortinet.com

Vendor Advisory

http://www.securityfocus.com/bid/104546

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041184

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041185

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://fortiguard.com/advisory/FG-IR-18-022

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.