CVE-2023-22641 — Open Redirect in Fortinet Fortios

CWE-601 — Open Redirect4 documents4 sources

Severity

5.4MEDIUMNVD

CNA4.1

EPSS

0.2%

top 64.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortiproxy

Timeline

PublishedApr 11

Description

A url redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9, FortiOS versions 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages4 packages

▶NVDfortinet/fortiproxy7.0.0 — 7.0.9+2

▶CVEListV5fortinet/fortiproxy7.2.0 — 7.2.2+5

▶NVDfortinet/fortios6.0.0 — 6.4.13+2

▶CVEListV5fortinet/fortios7.2.0 — 7.2.3+4

🔴Vulnerability Details

CVEList

CVE-2023-22641: A url redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7↗2023-04-11

▶

GHSA

GHSA-x47v-w3jf-m3q9: A url redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7↗2023-04-11

▶

📋Vendor Advisories

Fortinet

Open redirect in sslvpnd↗2023-04-11

▶