Vulnerability Description
An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortianalyzer | <= 5.6.5 |
| Fortinet | Fortimanager | <= 5.6.5 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104546Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041184Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041185Third Party AdvisoryVDB Entry
- https://fortiguard.com/advisory/FG-IR-18-022Vendor Advisory
- http://www.securityfocus.com/bid/104546Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041184Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041185Third Party AdvisoryVDB Entry
- https://fortiguard.com/advisory/FG-IR-18-022Vendor Advisory
FAQ
What is CVE-2018-1355?
CVE-2018-1355 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML ta...
How severe is CVE-2018-1355?
CVE-2018-1355 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1355?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortianalyzer, Fortinet Fortimanager.