PSIRT Advisory

Open Redirect in Maliciously Generated PDF Document on FortiAnalyzer and FortiManager

Summary

An open redirect vulnerability exists in FortiAnalyzer and FortiManager when a user of the GUI converts an HTML table to a PDF document via the FortiView feature, due to a lack of user input sanitization.

An attacker may be able to social engineer a user of the FortiAnalyzer/FortiManager GUI into generating a PDF file containing malicious URLs.
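The defensive control the advisory points at is sanitizing link targets before the HTML table is rendered to PDF. The following is an added illustration, not Fortinet code and not the fixed implementation: it keeps only relative links or http(s) links to an assumed allowlisted host (the hostname and the sample table are constructed) and strips every other href while preserving the cell text.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts an embedded link may point at. Constructed value standing in for
# the appliance's own GUI origin; everything else is treated as untrusted.
ALLOWED_HOSTS = {"fortianalyzer.example.internal"}


def href_allowed(href):
    """Relative links stay on the appliance; absolute links must be
    http(s) to an allowlisted host. Scheme-relative (//host) and
    non-http schemes such as javascript: are rejected."""
    if href is None:
        return False
    u = urlsplit(href.strip())
    if not u.scheme and not u.netloc:
        return True
    return u.scheme.lower() in ("http", "https") and u.hostname in ALLOWED_HOSTS


class LinkSanitizer(HTMLParser):
    """Re-emits the HTML fragment, dropping disallowed <a href> values."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.dropped = [], []

    def handle_starttag(self, tag, attrs):
        parts = []
        for name, value in attrs:
            if tag == "a" and name == "href" and not href_allowed(value):
                self.dropped.append(value)   # record for audit logging
                continue
            parts.append(f' {name}="{html.escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(parts)}>")

    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")


def sanitize_table_html(fragment):
    """Return (sanitized_html, list_of_dropped_hrefs)."""
    p = LinkSanitizer()
    p.feed(fragment)
    p.close()
    return "".join(p.out), p.dropped


# Constructed sample table: one internal link, one external, one javascript:
SAMPLE = ('<table><tr><td><a href="/log/view?id=7">log 7</a></td>'
          '<td><a href="https://untrusted.example/phish">details</a></td>'
          '<td><a href="javascript:alert(1)">x</a></td></tr></table>')
```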

Impact

Open redirection

Affected Products

FortiAnalyzer 6.0.0, 5.6.5 and below.
FortiManager 6.0.0, 5.6.5 and below, when the FortiView feature is enabled.

Solutions

FortiAnalyzer: upgrade to 5.6.6, 6.0.1 or above.
FortiManager: upgrade to 5.6.6, 6.0.1 or above.


Since both FortiAnalyzer and FortiManager already use tokens to block Cross-Site Request Forgery (CSRF) attacks, the risk of successful exploitation of this vulnerability is low and relies mostly on social engineering.


Update History:
06-22-2018 Initial Version.
09-26-2018 New 5.6 branch fix added.

Acknowledgement

Fortinet is pleased to thank Donato Onofri, Luca Napolitano and Francesca Perrone of Business Integration Partners S.p.A. for reporting this vulnerability under responsible disclosure.