PT-2021-23741 · Fortinet · Fortiweb
Published
2021-12-08
·
Updated
2021-12-09
·
CVE-2021-43064
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Fortinet FortiWeb versions 6.4.1 through 6.4.0
Fortinet FortiWeb version 6.3.15 and below
Fortinet FortiWeb version 6.2.6 and below
Description
The issue allows for a url redirection to an untrusted site, also known as an 'open redirect', enabling an attacker to use the device as a proxy to reach external or protected hosts via redirection handlers.
Recommendations
For Fortinet FortiWeb versions 6.4.1 and 6.4.0, update to a version that fixes the issue.
For Fortinet FortiWeb version 6.3.15 and below, update to a version that fixes the issue.
For Fortinet FortiWeb version 6.2.6 and below, update to a version that fixes the issue.
As a temporary workaround, consider restricting access to redirection handlers to minimize the risk of exploitation.
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fortiweb