-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0596
      FortiOS URL redirection attack via the admin password change page
                              20 February 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           FortiOS
Publisher:         Fortinet
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-6696

Original Bulletin:
   https://fortiguard.com/psirt/FG-IR-19-179

- --------------------------BEGIN INCLUDED TEXT--------------------

FortiOS URL redirection attack via the admin password change page

IR Number : FG-IR-19-179
Date      : Feb 18, 2020
Risk      : 3/5
Impact    : Execute unauthorized code or commands
CVE ID    : CVE-2019-6696

Summary

An improper input validation vulnerability in FortiOS admin webUI may allow
an attacker to perform a URL redirect attack via a specifically crafted
request to the admin initial password change webpage.

An attacker could potentially redirect unsuspecting admin users to a
malicious website, should they click on a specifically crafted URL provided
by the attacker and pointing to the FortiOS webUI admin password initial
change page.

Impact

Execute unauthorized code or commands

Affected Products

FortiOS 6.2.1, 6.2.0, 6.0.8 and below versions until 5.4.0.
(versions lower than 5.4.0 are not impacted)

Solutions

Upgrade to FortiOS 6.2.2 or 6.0.9 or above

Acknowledgement

Fortinet is pleased to thank "Independent research team Denis Kolegov,
Maxim Gorbunov, Nikita Oleksov and Anton Nikolaev" for reporting this
vulnerability under responsible disclosure.
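The improper input validation the Summary describes is the classic open-redirect pattern: a redirect-target parameter is copied into the Location header without checking that it stays on the appliance's own origin. The following is an added example, not Fortinet's or AusCERT's code; the parameter name `redir`, the `/ng/` path prefix, the landing page and the access-log lines are constructed assumptions (the advisory does not name the vulnerable parameter or the affected handler). It shows the trusting "before" handler beside a validator that accepts only same-origin paths, and a log scan that flags requests carrying an off-origin value so defenders can hunt for attempts against units that have not yet been upgraded.

```python
# Added example (not Fortinet's or AusCERT's code): hardening and detection for an
# open-redirect parameter such as the one described for the initial password change page.
# Parameter name "redir", path prefix "/ng/", landing page and log format are
# constructed assumptions; they are not real FortiOS routes or logs.
import re
from urllib.parse import urlsplit, urlunsplit, parse_qs

DEFAULT_LANDING = "/ng/dashboard"   # assumed post-login landing page
ALLOWED_PREFIX = "/ng/"             # assumed path space of the admin webUI


def vulnerable_redirect_target(param: str) -> str:
    """'Before' pattern: the handler trusts the parameter verbatim.

    A value such as //attacker.example or https://attacker.example goes
    straight into the Location header, which is the open redirect."""
    return param or DEFAULT_LANDING


def safe_redirect_target(param: str, default: str = DEFAULT_LANDING) -> str:
    """Return a same-origin path for the Location header, or `default`.

    Accepts only single-slash absolute paths under ALLOWED_PREFIX and rebuilds
    the value from parsed components so that nothing unexpected (scheme, host,
    backslashes, control characters, fragment) survives into the header."""
    if not param:
        return default
    # Control characters and whitespace: CRLF header injection, parser confusion
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in param):
        return default
    # Browsers treat "/\host" like "//host"; refuse backslashes outright
    if "\\" in param:
        return default
    # Absolute URLs, scheme-relative (//host) and triple-slash forms all resolve
    # to another origin; only a single-slash path is acceptable
    if not param.startswith("/") or param.startswith("//"):
        return default
    parts = urlsplit(param)
    if parts.scheme or parts.netloc:
        return default
    if not parts.path.startswith(ALLOWED_PREFIX):
        return default
    # Rebuild from components; the fragment is dropped (never sent to the server)
    return urlunsplit(("", "", parts.path, parts.query, ""))


# Constructed access-log lines (NOT real FortiOS logs) in a common-log-like format.
SAMPLE_LOG = """\
10.0.0.5 - admin [18/Feb/2020:10:00:01 +0000] "GET /login/password-change?redir=/ng/dashboard HTTP/1.1" 302 0
10.0.0.9 - admin [18/Feb/2020:10:00:07 +0000] "GET /login/password-change?redir=//attacker.example/phish HTTP/1.1" 302 0
10.0.0.9 - admin [18/Feb/2020:10:00:09 +0000] "GET /login/password-change?redir=https://attacker.example HTTP/1.1" 302 0
10.0.0.7 - admin [18/Feb/2020:10:01:00 +0000] "GET /ng/dashboard HTTP/1.1" 200 4321
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/')


def flag_suspicious_redirects(log_text: str, param_name: str = "redir") -> list:
    """Return (client, raw_value) for every log line whose redirect parameter
    would be rejected or rewritten by safe_redirect_target, i.e. points
    off-origin or outside the allowed path space."""
    flagged = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group("target"))
        for value in parse_qs(target.query).get(param_name, []):
            if safe_redirect_target(value) != value:
                flagged.append((line.split(" ", 1)[0], value))
    return flagged


if __name__ == "__main__":
    probes = ["/ng/dashboard?tab=1", "//attacker.example", "/\\attacker.example",
              "https://attacker.example", "javascript:alert(1)", "/ng/x\r\nSet-Cookie: a=b"]
    for value in probes:
        print(f"{value!r:38} before -> {vulnerable_redirect_target(value)!r:30} "
              f"after -> {safe_redirect_target(value)!r}")
    print(flag_suspicious_redirects(SAMPLE_LOG))
```

The validator deliberately reconstructs the target from parsed components rather than returning the raw parameter after a check: a validation that merely inspects and then echoes the original string is the shape of bug that lets encoded or oddly slashed variants slip through. The log scan reuses the same function, so whatever the validator would refuse is exactly what the hunt flags.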
- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXk4zq2aOgq3Tt24GAQjPvxAAid7pf/DhAgsDpWSHkcrAXtkRgLG4N8LW
SZjVtodQy+lntrMFttzlW7kyNabnKwjoFHY+ogFH/YUgdMP7aVXa/1yDRQA2t+Dd
j9VBJ3TMsqjhFjpL+cEDVQnVXS++JMJva6XCg3NdV2EqYEc2N/G6l4kTuj9/LN8B
Y6PtFtrhp3gQeGxa72VoM2N8nCXjEiilmkOESS8PekZ3Ahc04Aa26b2OvnTAFCsq
V4qO9MoDkf0bbXrGjGK+7Bjhn8V1eympkE/UpNkvRG32rRNvr3sOYABaIBXa7b3l
1+treH81Dz3fdd9I4Htfm6pRS/OrYDS/hJySOP3Nt3WwhrIEkD4eCHI7bFsgxdIu
F/IvGOVZK1VaDewxVgzy+fETrws1nXlZyPS9vTgJKuN6jncurUFiS43Gz4AXPoJH
7JgyZBCEFVWU9iIccBRFsYxqmf0jbYa2SLphbm//FHQrXRCW6/o15TQg4WbU5XUw
Y5m5aH8ND1Qn2S2ed/V8UyK9b/XFMUglSa0HWcUOuxhz1LgslBIuaWgmNL6rFEbf
L02AZ3Ua+uhdAO09MAVqUGiVDGxMsz95iQ8JppH62ezIx30b1DsvjO3v6zI36gOx
dYLsaHeYePlK7GLoRNW0YiaDOMSS4mBd8slEPTVHKlM/REXI3AZtu8oB1ysAbp4Y
C7Uh+9hwQFc=
=CNVo
-----END PGP SIGNATURE-----