A few new vulnerabilities have been released for the Fortinet FortiManager product.

  • XSS vulnerability
  • Admin user avatar setting improper access control
  • Open redirection

FortiManager XSS vulnerability when view config under Revision History

A potential Cross-site Scripting (XSS) vulnerability exists in FortiManager: displayed data is not sanitized when an administrator views the managed devices' configuration in the installation revision history of the GUI.

The risk of successful exploitation is however low, because injection of malicious code needs to happen in the managed device’s CLI configurations, which are generally trusted.
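The two patterns at play, as an added example that is not FortiManager's code: the first function interpolates device configuration text straight into HTML (the unsanitized pattern the advisory describes), the second HTML-encodes every line before it reaches the page, and a third flags revision lines that carry markup characters so a reviewer can spot untrusted content in a config that should never contain it. The sample config lines are constructed placeholders.

```python
import html

# Constructed sample revision, shaped like managed-device CLI output.
# The "description" value carries a harmless HTML fragment to show the
# difference between the two renderers; it is not taken from any device.
SAMPLE_CONFIG = [
    'config system global',
    '    set hostname "branch-fw-01"',
    '    set description "<b>untrusted</b>"',
    'end',
]


def render_unsafe(lines):
    """Unsanitized pattern: device text is placed into the page as-is,
    so any markup inside the configuration becomes live HTML."""
    return "<pre>" + "\n".join(lines) + "</pre>"


def render_safe(lines):
    """Hardened pattern: encode <, >, &, " and ' before rendering, so the
    browser shows the configuration text instead of interpreting it."""
    body = "\n".join(html.escape(line, quote=True) for line in lines)
    return "<pre>" + body + "</pre>"


def flag_markup(lines):
    """Detection aid: return (line number, line) for every revision line
    containing angle brackets, which a CLI configuration normally lacks."""
    return [(n, line) for n, line in enumerate(lines, start=1)
            if "<" in line or ">" in line]


if __name__ == "__main__":
    print(render_safe(SAMPLE_CONFIG))
    print("suspicious lines:", flag_markup(SAMPLE_CONFIG))
```

`html.escape` with `quote=True` also encodes quotation marks, which matters when config values end up inside HTML attributes rather than element bodies.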

Read more: FortiGuard Labs

FortiAnalyzer and FortiManager admin user avatar setting improper access control

An improper access control vulnerability exists in FortiAnalyzer and FortiManager, whereby a regular user of the GUI can edit the avatar picture of other users (including those with higher privileges) with arbitrary content.

Modern browsers would however not interpret code in the context of an image, therefore XSS attacks are only feasible if the target is using a legacy browser (IE 6 or below).
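The two missing controls side by side, as an added example that is not FortiAnalyzer or FortiManager code: an avatar update handler with no ownership or content check next to one that requires the caller to be the target user or an administrator and accepts only data that starts with a PNG or JPEG signature. The user table, roles and the byte samples are constructed placeholders.

```python
# Constructed user table and roles; not taken from any Fortinet product.
USERS = {
    "alice": {"role": "admin"},
    "bob": {"role": "user"},
    "carol": {"role": "user"},
}
AVATARS = {}

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_MAGIC = b"\xff\xd8\xff"
MAX_AVATAR_BYTES = 256 * 1024

# Constructed sample blobs: a minimal PNG-looking header and some HTML.
PNG_SAMPLE = PNG_MAGIC + b"\x00" * 16
HTML_SAMPLE = b"<html><body>not an image</body></html>"


def may_edit_avatar(actor, target):
    """Authorization rule: users edit only their own avatar; admins edit any."""
    return actor == target or USERS[actor]["role"] == "admin"


def looks_like_image(blob):
    """Content rule: accept only blobs with a PNG or JPEG signature and a
    sane size. Signature checks are a floor, not a full image validation."""
    if len(blob) > MAX_AVATAR_BYTES:
        return False
    return blob.startswith(PNG_MAGIC) or blob.startswith(JPEG_MAGIC)


def set_avatar_vulnerable(actor, target, blob):
    """Pattern the advisory describes: any authenticated user can overwrite
    any other user's avatar with arbitrary bytes."""
    AVATARS[target] = blob
    return (True, "stored")


def set_avatar(actor, target, blob):
    """Hardened handler: ownership/role check, then content check."""
    if target not in USERS:
        return (False, "no such user")
    if not may_edit_avatar(actor, target):
        return (False, "forbidden")
    if not looks_like_image(blob):
        return (False, "not an image")
    AVATARS[target] = blob
    return (True, "stored")


if __name__ == "__main__":
    print(set_avatar("bob", "alice", PNG_SAMPLE))   # regular user, other account
    print(set_avatar("alice", "bob", PNG_SAMPLE))   # admin, allowed
    print(set_avatar("bob", "bob", HTML_SAMPLE))    # own account, wrong content
```

Serving stored avatars with a fixed image `Content-Type` and `X-Content-Type-Options: nosniff` is the complementary defence on the read side, so a blob that slips past the write check is still not interpreted as markup.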

Read more: FortiGuard Labs

OpenRedirect in Malicious Generated PDF Document on FortiAnalyzer and FortiManager

An open redirect vulnerability exists in FortiAnalyzer and FortiManager when a user of the GUI is converting an HTML table to a PDF document via the FortiView feature, due to lack of user input sanitization.

An attacker may be able to social engineer a user of the FortiAnalyzer/FortiManager GUI into generating a PDF file containing malicious URLs.
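One way a PDF export path can refuse untrusted link targets, as an added example that is not the FortiView implementation: every URL destined for the generated document is checked against an allow-list of hosts before it is embedded, and the check handles the usual bypass shapes (scheme-relative `//host`, backslash variants, non-http schemes, and userinfo in front of the real host). The allowed host and the sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed placeholder for the appliance's own GUI hostname.
ALLOWED_HOSTS = {"fortianalyzer.example.internal"}


def is_safe_link(url, allowed_hosts=ALLOWED_HOSTS):
    """Return True only for same-origin relative paths or absolute http(s)
    URLs whose host is on the allow-list."""
    if not url or any(c.isspace() for c in url):
        return False
    # Browsers treat "\" like "/" in http(s) URLs, so normalise before parsing;
    # otherwise "/\evil" parses as a local path but navigates off-site.
    candidate = url.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: must be a single-slash path on this origin.
        return candidate.startswith("/") and not candidate.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    if parts.username is not None or parts.password is not None:
        # "https://trusted@evil" puts the trusted name in userinfo, not host.
        return False
    return parts.hostname in allowed_hosts


def filter_links_for_pdf(links, allowed_hosts=ALLOWED_HOSTS):
    """Split candidate links into those embedded and those dropped."""
    kept, dropped = [], []
    for link in links:
        (kept if is_safe_link(link, allowed_hosts) else dropped).append(link)
    return kept, dropped


# Constructed sample links of the kinds a table export might carry.
SAMPLE_LINKS = [
    "https://fortianalyzer.example.internal/fortiview/report",
    "/fortiview/report?id=7",
    "//evil.example/landing",
    "/\\evil.example/landing",
    "https://fortianalyzer.example.internal@evil.example/",
    "javascript:void(0)",
]

if __name__ == "__main__":
    kept, dropped = filter_links_for_pdf(SAMPLE_LINKS)
    print("embedded:", kept)
    print("dropped:", dropped)
```

Comparing `parts.hostname` rather than `parts.netloc` is deliberate: `hostname` is lower-cased and has the port and userinfo stripped, so case tricks and `host:port` forms do not defeat the allow-list.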

Read more: FortiGuard Labs
