First published: Fri May 26 2017
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows an attacker to execute unauthorized code or commands via the next parameter.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiAnalyzer | =5.4.0 | |
Fortinet FortiAnalyzer | =5.4.1 | |
Fortinet FortiAnalyzer | =5.4.2 | |
Fortinet FortiManager | =5.4.0 | |
Fortinet FortiManager | =5.4.1 | |
Fortinet FortiManager | =5.4.2 | |
CVE-2017-3126 is classified as a critical vulnerability due to its potential for remote code execution.
To fix CVE-2017-3126, upgrade Fortinet FortiAnalyzer and FortiManager to version 5.4.3 or later.
CVE-2017-3126 affects Fortinet FortiAnalyzer versions 5.4.0 to 5.4.2 and FortiManager versions 5.4.0 to 5.4.2.
Yes, CVE-2017-3126 can be exploited remotely if the affected software is accessible over the internet.
CVE-2017-3126 is an open redirect vulnerability that allows attackers to execute unauthorized code or commands.