CVE-2018-1355 - OpenCVE

An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fortinet	Fortianalyzer Fortimanager

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortianalyzer::::::::
	cpe:2.3:a:fortinet:fortianalyzer:6.0.0:::::::*
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortimanager:6.0.0:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/104546
http://www.securitytracker.com/id/1041184
http://www.securitytracker.com/id/1041185
https://fortiguard.com/advisory/FG-IR-18-022

History

No history.

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2018-06-27T20:00:00Z

Updated: 2024-09-16T16:33:16.372Z

Reserved: 2017-12-11T00:00:00

Link: CVE-2018-1355

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-06-27T20:29:04.933

Modified: 2019-03-08T13:46:47.527

Link: CVE-2018-1355

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Fortinet FortiManager, FortiAnalyzer", "vendor": "Fortinet, Inc.", "versions": [{"status": "affected", "version": "FortiManager 6.0.0, 5.6.5 and below versions"}, {"status": "affected", "version": "FortiAnalyzer 6.0.0, 5.6.5 and below versions"}]}], "datePublic": "2018-06-27T00:00:00", "descriptions": [{"lang": "en", "value": "An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs."}], "problemTypes": [{"descriptions": [{"description": "Execute unauthorized code or commands", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-27T12:57:02", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"name": "104546", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104546"}, {"name": "1041185", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041185"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://fortiguard.com/advisory/FG-IR-18-022"}, {"name": "1041184", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041184"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "DATE_PUBLIC": "2018-06-27T00:00:00", "ID": "CVE-2018-1355", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fortinet FortiManager, FortiAnalyzer", "version": {"version_data": [{"version_value": "FortiManager 6.0.0, 5.6.5 and below versions"}, {"version_value": "FortiAnalyzer 6.0.0, 5.6.5 and below versions"}]}}]}, "vendor_name": "Fortinet, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Execute unauthorized code or commands"}]}]}, "references": {"reference_data": [{"name": "104546", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104546"}, {"name": "1041185", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041185"}, {"name": "https://fortiguard.com/advisory/FG-IR-18-022", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-18-022"}, {"name": "1041184", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041184"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:59:38.991Z"}, "title": "CVE Program Container", "references": [{"name": "104546", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104546"}, {"name": "1041185", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041185"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fortiguard.com/advisory/FG-IR-18-022"}, {"name": "1041184", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041184"}]}]}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2018-1355", "datePublished": "2018-06-27T20:00:00Z", "dateReserved": "2017-12-11T00:00:00", "dateUpdated": "2024-09-16T16:33:16.372Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A0081B7-6068-4F35-92C0-B51196BC2F6D", "versionEndIncluding": "5.6.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C588A627-EBF3-400F-88D6-62D08F9BEB3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "587A6B16-B611-4A84-A890-03536A2C3E05", "versionEndIncluding": "5.6.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6662CFD-6DAD-4187-AE80-0B7EE99CEB96", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs."}, {"lang": "es", "value": "Una vulnerabilidad de redirecci\u00f3n abierta en Fortinet FortiManager en versiones 6.0.0, 5.6.5 y anteriores y en FortiAnalyzer en versiones 6.0.0, 5.6.5 y anteriores permite que un atacante inyecte c\u00f3digo de script durante la conversi\u00f3n de una tabla HTML a documento HTML en la caracter\u00edstica FortiView. Un atacante podr\u00eda ser capaz de emplear ingenier\u00eda social sobre un usuario autenticado para que genere un archivo PDF que contiene URL maliciosas inyectadas."}], "id": "CVE-2018-1355", "lastModified": "2019-03-08T13:46:47.527", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-27T20:29:04.933", "references": [{"source": "psirt@fortinet.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104546"}, {"source": "psirt@fortinet.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041184"}, {"source": "psirt@fortinet.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041185"}, {"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/advisory/FG-IR-18-022"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}