Fortinet FortiOS is prone to a URI-redirection vulnerability and a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible.
Fortinet FortiOS 5.0 and prior, 5.2.0 through 5.2.12, 5.4.0 through 5.4.6 and 5.6.0 through 5.6.2 are vulnerable.
Information
Fortinet Fortios 5.6
Fortinet Fortios 5.4.6
Fortinet Fortios 5.4.5
Fortinet Fortios 5.4.4
Fortinet Fortios 5.4.3
Fortinet Fortios 5.4.2
Fortinet Fortios 5.4.1
Fortinet Fortios 5.2.12
Fortinet Fortios 5.2.11
Fortinet Fortios 5.2.8
Fortinet Fortios 5.2.6
Fortinet Fortios 5.2.5
Fortinet Fortios 5.2.4
Fortinet Fortios 5.2.3
Fortinet Fortios 5.2.2
Fortinet Fortios 5.2.1
Fortinet Fortios 5.6.1
Fortinet Fortios 5.4.0
Fortinet Fortios 5.2.9
Fortinet Fortios 5.2.10
Fortinet Fortios 5.2.0
Fortinet FortiOS 5.0
Exploit
To exploit these issues an attacker must entice an unsuspecting victim to open a malicious URI.
References:
- FortiOS Homepage (Fortinet)
- FortiGate SSL VPN web portal login redir XSS vulnerability (Fortinet)