CVE-2018-1355: Open Redirect in Fortinet FortiAnalyzer

CWE-601: Open Redirect | 4 documents | 4 sources

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.2% (top 54.45%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jun 27
Latest update: May 14

Description

An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, and FortiAnalyzer 6.0.0, 5.6.5 and below versions, allows an attacker to inject script code during the conversion of an HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA: GHSA-8593-j8v5-33h8: An open redirect vulnerability in Fortinet FortiManager 6 (2022-05-14)
CVEList: CVE-2018-1355: An open redirect vulnerability in Fortinet FortiManager 6 (2018-06-27)

📋 Vendor Advisories (1)

Fortinet: An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and... (2018-06-27)