OpenRedirect in Malicious Generated PDF Document on FortiAnalyzer and FortiManager
An open redirect vulnerability exists in FortiAnalyzer and FortiManager when a user of the GUI is converting an HTML table to a PDF document via the FortiView feature, due to lack of user input sanitization.
An attacker may be able to social engineer a user of the FortiAnalyzer/FortiManager GUI into generating a PDF file containing malicious URLs.
FortiAnalyzer 6.0.0 and below.
FortiManager 6.0.0 and below, when the FortiView feature is enabled.
FortiAnalyzer: upgrade to 6.0.1 or above.
FortiManager: upgrade to 6.0.1 or above.
Since both FortiAnalyzer and FortiManager already have tokens to block Cross-site Request Forgery (CSRF) attacks, the risk of successful exploitation of this vulnerability is low, and mostly relies on social engineering.
Fortinet is pleased to thank Donato Onofri, Luca Napolitano and Francesca Perrone of Business Integration Partners S.p.A. reporting this vulnerability under responsible disclosure.