PT-2019-5812 · Fortinet · Fortios

Published: 2019-05-17 · Updated: 2020-01-03 · CVE-2018-13384

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions prior to 6.0.5

Description: A Host Header Redirection issue allows a remote attacker to potentially poison HTTP cache and redirect SSL VPN web portal users to arbitrary web domains. This is achieved by submitting specially crafted HTTP requests to the SSL-VPN web portal, which may respond with a redirection to attacker-specified websites. If a web proxy's cache is poisoned with this redirection, users may be directed to the attacker's specified websites when trying to access the SSL-VPN web portal.

Recommendations: For versions prior to 6.0.5, update to version 6.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the SSL-VPN web portal to minimize the risk of exploitation. Additionally, avoid using web proxies that may have cached the malicious redirection until the issue is resolved.
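As an added illustration, not Fortinet code and not taken from this advisory, the pattern behind the weakness: a redirect whose Location is built from the client-supplied Host header, beside a version pinned to an operator-configured canonical hostname, plus a helper a defender can run over a proxy-cached Location header to spot an off-portal target. The hostname vpn.example.com, the path /remote/login and the value attacker.example are constructed assumptions.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed: the portal hostname an operator would configure, not a real host.
CANONICAL_HOST = "vpn.example.com"


def vulnerable_redirect(request_host: str, path: str = "/remote/login") -> str:
    """Builds the redirect target from the untrusted Host header.

    If a proxy caches this response for the portal URL, every later visitor
    is sent to whatever host the crafted request carried.
    """
    return f"https://{request_host}{path}"


def hardened_redirect(request_host: str, path: str = "/remote/login") -> Optional[str]:
    """Redirects only to the configured canonical hostname.

    Returns None when the Host header does not match (or the path is
    unsafe), so the caller can answer 400 instead of emitting a redirect
    derived from client input.
    """
    host = request_host.split(":", 1)[0].lower()  # drop any :port, normalise case
    if host != CANONICAL_HOST:
        return None
    # A path beginning with "//" would itself become a scheme-relative redirect.
    if not path.startswith("/") or path.startswith("//"):
        return None
    return f"https://{CANONICAL_HOST}{path}"


def location_is_external(location: str) -> bool:
    """Defender check: True when a Location header points off the portal host.

    Useful when auditing a proxy cache for a poisoned redirect entry.
    """
    return urlsplit(location).hostname != CANONICAL_HOST
```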

Fix: update to FortiOS 6.0.5 or later (see Recommendations)

Weakness Enumeration: Open Redirect

Related Identifiers: BDU:2021-03019, CVE-2018-13384

Affected Products: Fortios