copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login





 

ESB-2016.0711.2 - UPDATE [Appliance] FortiOS: Provide misleading information - Remote with user interaction

Date: 23 March 2016

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2016.0711.2
                    FortiOS open redirect vulnerability
                               23 March 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           FortiOS
Publisher:         FortiGuard
Operating System:  Network Appliance
Impact/Access:     Provide Misleading Information -- Remote with User Interaction
                   Cross-site Scripting           -- Remote with User Interaction
Resolution:        Patch/Upgrade

Original Bulletin: 
   http://www.fortiguard.com/advisory/fortios-open-redirect-vulnerability

Comment: Users are advised an exploit program for this vulnerability was 
         released on 22 March 2016. The risk associated to the present 
         advisory has consequently been raised from "Medium" to "High".

Revision History:  March 23 2016: Public release of an exploit program
                   March 17 2016: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

FortiOS open redirect vulnerability

Info

Risk 2 Low

Date Mar 16 2016

Impact Open redirect

Fixed In Firmware 5.0.13 / 5.2.3 / 5.4.0

The FortiOS webui accepts a user-controlled input that specifies a link to an
external site, and uses that link in a redirect. The redirect input parameter
is also prone to a cross site scripting.

Impact

Open redirect

Affected Products

FortiOS

Risk

2 Low

Solutions

Upgrade to one the following FortiOS versions:

    5.0 branch: 5.0.13 or above

    5.2 branch: 5.2.3 or above

    5.4 branch: 5.4.0 or above

4.3 and lower branches are not affected by this vulnerability.

Acknowledgement

Fortinet is pleased to thanks to Javier Nieto from www.behindthefirewalls.com
for reporting a FortiOS vulnerability under responsible disclosure

References

    https://cwe.mitre.org/data/definitions/601.html

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVvHvg36ZAP0PgtI9AQJ2/BAAkcd+nsn7tp8ppe6ipkEs+UTY2JTSxa5m
u6lKrdi5anJ3ZysnPvuo9hP7utyLD+EhQl9Ikx002MpA9++vB3rLPMnLtc9dbwI1
dRWyr9lZvc4UDOk4wdlHez2oLaVNklUz6o7ulc6kAB4wh8hAxJC4KJwQMlCzzpsk
XSO3EA4b+Z3trKmzH+b6+vqreoVUpED0t+XSZBdcgepAve4RcieXcJsmCFfhoiXe
cHIA6JQouYP2Slg4iH8zPUiFAhjvepycVQ+l7m6BtQ9mKecbHgnYik47O0UQP5r7
ZnODaY4InM3s7P2ZLnLcrxDaX9+Y7EqbJc37I2FOMYHySN1qiThwp66tMuc7ZWyq
gsn0G7V0FW6Ba/8krLxB3JESsiJPg1NTZ/vZY8VP3DhDxUX/Muuj1NsOYzSOYMXK
uWZ6mJAGLxTVnkBRE8sCIsrwFCKwUcncS2Ne3XvNY5hxSZuVvBwndQVoM4Sjy/Pp
6E9MvjGrEKkZXqALOVQ2+HymPRCyQnMK3GkbnAGQAnUDQ+TH0HJ8WjND45VYDRjQ
lFLR+Xt4tk8QsSDwGHmK0mxw+IaqcNa4yKahvJCcdpAXxc4CHIZFQEoC/JCZ6yc2
XGdNmjBVnoca+wEIoG18foDJiZw/Gy8CYqp5C0h6Cz8uWWpCPlGWHN03QuKMBPvR
Wi0MJq7dt9Y=
=kSG4
-----END PGP SIGNATURE-----