First published: Wed Dec 08 2021(Updated: )
A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handlers.
Credit: psirt@fortinet.com psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiWeb | >=6.2.0<=6.2.6 | |
Fortinet FortiWeb | >=6.3.0<=6.3.15 | |
Fortinet FortiWeb | =6.4.0 | |
Fortinet FortiWeb | =6.4.1 | |
>=6.2.0<=6.2.6 | ||
>=6.3.0<=6.3.15 | ||
=6.4.0 | ||
=6.4.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-43064 is a vulnerability in Fortinet FortiWeb that allows an attacker to use the device as a proxy and reach external or protected hosts via redirection handlers.
Versions 6.4.1, 6.4.0, 6.3.15 and below, 6.2.6 and below of Fortinet FortiWeb are affected by CVE-2021-43064.
The severity of CVE-2021-43064 is medium with a CVSS score of 6.1.
An attacker can exploit CVE-2021-43064 by performing a URL redirection to an untrusted site, also known as an open redirect, which allows them to use the device as a proxy and reach external or protected hosts.
Yes, Fortinet has released a fix for CVE-2021-43064. It is recommended to update to the latest version of Fortinet FortiWeb to address this vulnerability.