Description
An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage.
Affected products
- fortinet / Fortinet FortiOS6.2.1 – 6.2.1
- fortinet / Fortinet FortiOS6.2.0 – 6.2.0
- fortinet / Fortinet FortiOS6.0.8 and below until 5.4.0 – 6.0.8 and below until 5.4.0
References
- VENDOR_ADVISORYhttps://fortiguard.com/psirt/FG-IR-19-179