Open redirect

2021-12-0813:15:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.5%

JSON

A url redirection to untrusted site (‘open redirect’) in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handlers.

CPENameOperatorVersion
fortiwebeq6.4.0
fortiwebge6.3.0
fortiweble6.3.15
fortiwebeq6.4.1
fortiwebge6.2.0
fortiweble6.2.6

Name	Operator	Version
fortiweb	eq	6.4.0
fortiweb	ge	6.3.0
fortiweb	le	6.3.15
fortiweb	eq	6.4.1
fortiweb	ge	6.2.0
fortiweb	le	6.2.6

References

fortiguard.com/advisory/FG-IR-21-168