===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2019.1823.2
            FortiOS SSL VPN web portal Host Header Redirection
                              6 January 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Fortinet SSL VPN
Publisher:         Fortinet
Operating System:  Network Appliance
Impact/Access:     Provide Misleading Information -- Remote with User Interaction
                   Reduced Security               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-13384

Original Bulletin:
   https://fortiguard.com/psirt/FG-IR-19-002

Revision History:  January  6 2020: New fix on 5.2.15 released
                   May     22 2019: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

FortiOS SSL VPN web portal Host Header Redirection

IR Number : FG-IR-19-002
Date      : May 17, 2019
Risk      : 2/5
Impact    : Improper Access Control
CVE ID    : CVE-2018-13384

Summary

A Host Header Redirection vulnerability exists in the FortiOS SSL-VPN web portal:
when an attacker submits specially crafted HTTP requests, the SSL-VPN web
portal may respond with a redirection to websites specified by the attacker.

If a web proxy's cache is poisoned with the aforementioned redirection, users
of this web proxy may be directed to the attacker's specified websites when
trying to access the SSL-VPN web portal.
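The symptom described above is a 3xx response whose Location header points away from the portal's own hostname. The following check, which a reverse proxy or a monitoring job in front of the portal could apply to responses, flags such off-host redirects, including protocol-relative (`//host/...`) and userinfo (`https://portal@other-host/...`) forms. This is an added example, not code from the bulletin or from Fortinet; the allowed hostnames and the sample responses are constructed.

```python
"""Flag SSL-VPN portal redirects whose target host is not the portal itself.

Added example (not part of the Fortinet/AusCERT bulletin). ALLOWED_HOSTS and
SAMPLES are constructed values for illustration.
"""
from urllib.parse import urlsplit

# Hostnames (host or host:port) the portal is legitimately reachable under.
ALLOWED_HOSTS = {"vpn.example.com", "vpn.example.com:10443"}


def redirect_target_host(location):
    """Return the host[:port] a Location header would send the client to,
    or None when it is a same-origin (path-only) redirect."""
    loc = location.strip().replace("\\", "/")   # browsers treat '\' like '/'
    if loc.startswith("//"):                    # protocol-relative URL
        loc = "https:" + loc
    parts = urlsplit(loc)
    if not parts.netloc:                        # path-only redirect
        return None
    # .hostname drops any userinfo, so "https://vpn.example.com@other/" -> other
    host = (parts.hostname or "").lower()
    try:
        port = parts.port
    except ValueError:                          # malformed port: treat as foreign
        return parts.netloc.lower()
    return f"{host}:{port}" if port else host


def is_off_host_redirect(status, headers, allowed=ALLOWED_HOSTS):
    """True when a 3xx response redirects to a host outside `allowed`."""
    if not 300 <= status < 400:
        return False
    location = next((v for k, v in headers.items() if k.lower() == "location"), None)
    if location is None:
        return False
    target = redirect_target_host(location)
    return target is not None and target not in {h.lower() for h in allowed}


# Constructed sample responses as a proxy or monitor might see them.
SAMPLES = [
    (302, {"Location": "/remote/login?lang=en"}),
    (302, {"Location": "https://vpn.example.com/remote/login"}),
    (302, {"Location": "https://vpn.example.com@attacker.invalid/remote/login"}),
    (301, {"Location": "//attacker.invalid/remote/login"}),
]

if __name__ == "__main__":
    for status, hdrs in SAMPLES:
        verdict = "OFF-HOST" if is_off_host_redirect(status, hdrs) else "ok"
        print(status, hdrs["Location"], "->", verdict)
```

A match against a response that a caching proxy would store is exactly the poisoning scenario the advisory describes, so such hits are worth alerting on rather than only logging.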

Impact

Improper Access Control

Affected Products

FortiOS 5.4.0 to 6.0.4, 5.2.14 and below.

Solutions

Upgrade to FortiOS 5.2.15, 6.0.5 or 6.2.0

Workarounds:

The risk is low as the attack needs to be combined with other attacks to have
an impact.

As a measure of precaution, administrators may want to disable the SSL-VPN web
portal service by applying the following CLI commands:

    config vpn ssl settings
    unset source-interface
    end


Revision History:
2019-05-17 Initial version
2020-01-03 New fix on 5.2.15 released.

Acknowledgement

Fortinet is pleased to thank Julio Sanchez from SecureAuth Corporation for
reporting this vulnerability under responsible disclosure.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================