===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0596
     FortiOS URL redirection attack via the admin password change page
                             20 February 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           FortiOS
Publisher:         Fortinet
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-6696  

Original Bulletin: 
   https://fortiguard.com/psirt/FG-IR-19-179

- --------------------------BEGIN INCLUDED TEXT--------------------

FortiOS URL redirection attack via the admin password change page

IR Number : FG-IR-19-179

Date      : Feb 18, 2020

Risk      : 3/5

Impact    : Execute unauthorized code or commands

CVE ID    : CVE-2019-6696

Summary

An improper input validation vulnerability in the FortiOS admin webUI may allow an
attacker to perform a URL redirect attack via a specifically crafted request
to the admin initial password change webpage.

An attacker could potentially redirect unsuspecting admin users to a malicious
website, should they click on a specifically crafted URL provided by the
attacker that points to the FortiOS webUI admin password initial change page.
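The defect class described above is an open redirect: a redirect target taken from the request is not restricted to the appliance's own site. As an added illustration of the mitigation (hypothetical code, not Fortinet's), the following Python validator accepts only same-site, path-absolute targets and rejects scheme-bearing, protocol-relative and backslash variants; the function names and sample URLs are constructed for this example.

```python
from urllib.parse import urlsplit, urlunsplit


def is_safe_redirect_target(target: str) -> bool:
    """Return True only for a same-site, path-absolute redirect target.

    Hypothetical validator written for this example; it is not the
    vendor's implementation.
    """
    if not target:
        return False
    # Normalise backslashes: browsers treat "/\evil" as "//evil".
    cleaned = target.strip().replace("\\", "/")
    # Reject header-injection characters before any parsing.
    if any(ch in cleaned for ch in "\r\n\t\x00"):
        return False
    # "//host", "///host" and similar are protocol-relative in browsers,
    # even where a URL parser reports an empty netloc for them.
    if cleaned.startswith("//"):
        return False
    parts = urlsplit(cleaned)
    # Any scheme or host means the target leaves this site
    # (covers "https://evil.example" and "javascript:...").
    if parts.scheme or parts.netloc:
        return False
    # Must be an absolute path on this site, not "evil.example".
    return parts.path.startswith("/")


def safe_redirect(target: str, fallback: str = "/") -> str:
    """Return the validated target, or the fallback path when it fails."""
    if not is_safe_redirect_target(target):
        return fallback
    parts = urlsplit(target.strip().replace("\\", "/"))
    # Rebuild without scheme/netloc so only path, query and fragment remain.
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))
```

A password-change handler would call `safe_redirect()` on the user-supplied "next" value instead of echoing it into the Location header directly.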

Impact

Execute unauthorized code or commands

Affected Products

FortiOS 6.2.1, 6.2.0, and 6.0.8 and below, down to 5.4.0.

(versions lower than 5.4.0 are not impacted)

Solutions

Upgrade to FortiOS 6.2.2 or above, or 6.0.9 or above

Acknowledgement

Fortinet is pleased to thank "Independent research team Denis Kolegov, Maxim
Gorbunov, Nikita Oleksov and Anton Nikolaev" for reporting this vulnerability
under responsible disclosure.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================