CVE-2018-1355

Name of the Vulnerable Software and Affected Versions FortiManager versions 6.0.0 and prior, 5.6.5 and below FortiAnalyzer versions 6.0.0 and prior, 5.6.5 and below

Description The issue allows an attacker to inject script code during the conversion of a HTML table to a PDF document under the FortiView feature. This can be achieved by exploiting an open redirect vulnerability, potentially enabling the attacker to social engineer an authenticated user into generating a PDF file containing injected malicious URLs.

Recommendations For FortiManager versions 6.0.0 and prior, 5.6.5 and below, consider disabling the FortiView feature until a patch is available. For FortiAnalyzer versions 6.0.0 and prior, 5.6.5 and below, restrict access to the FortiView feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.