CVE-2021-43064

CWE-601Open Redirect4 documents4 sources
Severity
6.1MEDIUM
EPSS
0.2%
top 52.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiwebFortinet Fortinet Fortiweb
Timeline
PublishedDec 8
Latest updateDec 9

Description

A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handlers.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDfortinet/fortiweb6.2.06.2.6+3
CVEListV5fortinet/fortinet_fortiwebFortiWeb 6.4.1, 6.4.0, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

Patches

Patch: fortiguard.comPatch: fortiguard.com

🔴Vulnerability Details

2
GHSA
GHSA-56m9-2h59-x23m: A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 62021-12-09
CVEList
CVE-2021-43064: A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 62021-12-08

📋Vendor Advisories

1
Fortinet
A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and b...2021-12-08
CVE-2021-43064 (MEDIUM CVSS 6.1) | A url redirection to untrusted site | cvebase.io