CVE-2019-6696 — Improper Input Validation in Fortinet Fortios

CWE-20 — Improper Input Validation CWE-601 — Open Redirect4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 58.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortios

Timeline

PublishedMar 15

Latest updateMay 24

Description

An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDfortinet/fortios5.4.0 — 6.0.8+2

▶CVEListV5fortinet/fortinet_fortios6.0.8 and below until 5.4.0, 6.2.0, 6.2.1+2

🔴Vulnerability Details

GHSA

GHSA-c66r-j7v3-prf5: An improper input validation vulnerability in FortiOS 6↗2022-05-24

▶

CVEList

CVE-2019-6696: An improper input validation vulnerability in FortiOS 6↗2020-03-15

▶

📋Vendor Advisories

Fortinet

An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may al...↗2020-03-15

▶