Fortinet FortiAnalyzer and FortiManager Open Redirect Vulnerability Fixed by 5.4.3


Description   An open redirect vulnerability has been identified in the web interface of Fortinet FortiAnalyzer and FortiManager. A remote attacker could exploit it by inciting victims to follow a specially crafted link that redirects them to a malicious website.

This vulnerability stems from the fact that the vulnerable products accept a user-controlled input that specifies a link to an external site, and use that link in a redirect.
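The root cause described above, as an added illustration that is not Fortinet code: the unchecked redirect pattern beside a validator that only follows same-host targets. The query parameter name ("redir") and the appliance hostname are assumptions, and the validator goes beyond the single case on the page by also rejecting the common validator-bypass shapes (scheme-relative, backslash, userinfo and non-HTTP scheme inputs).

```python
from urllib.parse import urlparse

# Constructed illustration, not Fortinet code. The parameter name "redir"
# and the appliance hostname below are assumptions made for this example.
OWN_HOST = "fortianalyzer.example.internal"


def vulnerable_redirect_target(redir: str) -> str:
    """The flaw as described in the advisory: the client-supplied link is
    used as the redirect target without any validation."""
    return redir


def safe_redirect_target(redir: str, own_host: str = OWN_HOST,
                         fallback: str = "/") -> str:
    """Return a redirect target that always stays on our own host.

    Anything that cannot be shown to be local collapses to `fallback`.
    This covers foreign absolute URLs, scheme-relative '//evil', the
    backslash variant '/\\evil', userinfo tricks ('https://own@evil'),
    protocol-relative paths hidden after our own host, and non-HTTP
    schemes such as 'javascript:'.
    """
    if not redir:
        return fallback
    # Browsers treat a backslash like a slash; normalise before parsing so
    # '/\evil.example' is recognised as the scheme-relative URL it really is.
    candidate = redir.strip().replace("\\", "/")
    parsed = urlparse(candidate)
    if parsed.scheme or parsed.netloc:
        # Absolute or scheme-relative URL: accept only HTTP(S) links whose
        # hostname (userinfo and port stripped) is ours, and re-emit just the
        # local path and query so no foreign host can leak through.
        if parsed.scheme in ("http", "https") and parsed.hostname == own_host:
            path = parsed.path or "/"
            if path.startswith("//"):      # '//evil' after our host resolves off-site
                return fallback
            return path + ("?" + parsed.query if parsed.query else "")
        return fallback
    # Relative input: require exactly one leading slash so it stays on-host.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return fallback
    return candidate
```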
     
Vulnerable Products   Vulnerable OS:
FortiAnalyzer (Fortinet) - 5.4.0, 5.4.1, 5.4.2
FortiManager (Fortinet) - 5.4.0, 5.4.1, 5.4.2
     
Solution   Version 5.4.3 of Fortinet FortiAnalyzer and FortiManager fixes this vulnerability.
     
CVE   CVE-2017-3126
     
References   - FG-IR-17-014 : FortiAnalyzer, FortiManager Open Redirect Vulnerability
http://fortiguard.com/psirt/FG-IR-17-014
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm          Available since
Site with open redirect   4.0.0
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2017-04-26

Target Type   Client

Possible exploit   Remote