Fortinet Fortios 3.1.0 Remote Code Execution Vulnerability

Summary

A Host Header Redirection vulnerability in the SSL VPN web portal of Fortinet FortiOS, all versions below 6.0.5, allows a remote attacker to potentially poison the HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains.

Credit:

The information has been provided by Julio Sanchez.
The original article can be found at: https://fortiguard.com/psirt/FG-IR-19-002


Details

Fortinet Fortios is prone to a remote code-execution vulnerability. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Vulnerable Systems:

  • Fortinet Fortios 3.1.0
  • Fortinet Fortios 3.2.0
  • Fortinet Fortios 3.3.0
  • Fortinet Fortios 3.3.3
  • Fortinet Fortios 3.3.5
  • Fortinet Fortios 3.3.6
  • Fortinet Fortios 3.3.7
  • Fortinet Fortios 3.3.8
  • Fortinet Fortios 3.3.9
  • Fortinet Fortios 3.3.10
  • Fortinet Fortios 3.3.11
  • Fortinet Fortios 3.3.12
  • Fortinet Fortios 3.3.13
  • Fortinet Fortios 3.3.14
  • Fortinet Fortios 3.4.0
  • Fortinet Fortios 3.4.1
  • Fortinet Fortios 3.4.2
  • Fortinet Fortios 3.4.3
  • Fortinet Fortios 3.4.4
  • Fortinet Fortios 3.4.5
  • Fortinet Fortios 3.5.0
  • Fortinet Fortios 3.5.1
  • Fortinet Fortios 3.5.2
  • Fortinet Fortios 3.5.3
  • Fortinet Fortios 3.5.4
  • Fortinet Fortios 3.5.5
  • Fortinet Fortios 3.5.6
  • Fortinet Fortios 3.5.7
  • Fortinet Fortios 3.6.0
  • Fortinet Fortios 3.6.1
  • Fortinet Fortios 3.6.2
  • Fortinet Fortios 3.6.3
  • Fortinet Fortios 3.6.4
  • Fortinet Fortios 3.6.5
  • Fortinet Fortios 3.6.6
  • Fortinet Fortios 3.7.0
  • Fortinet Fortios 3.7.1
  • Fortinet Fortios 3.7.2
  • Fortinet Fortios 3.7.3
  • Fortinet Fortios 3.7.4
  • Fortinet Fortios 3.7.5
  • Fortinet Fortios 3.7.6
  • Fortinet Fortios 3.7.7
  • Fortinet Fortios 3.7.8
  • Fortinet Fortios 3.7.9
  • Fortinet Fortios 3.7.10
  • Fortinet Fortios 4.0.0
  • Fortinet Fortios 4.0.1
  • Fortinet Fortios 4.0.2
  • Fortinet Fortios 4.0.3
  • Fortinet Fortios 4.0.4
  • Fortinet Fortios 4.1.0
  • Fortinet Fortios 4.1.1
  • Fortinet Fortios 4.1.2
  • Fortinet Fortios 4.1.3
  • Fortinet Fortios 4.1.4
  • Fortinet Fortios 4.1.5
  • Fortinet Fortios 4.1.6
  • Fortinet Fortios 4.1.7
  • Fortinet Fortios 4.1.8
  • Fortinet Fortios 4.1.9
  • Fortinet Fortios 4.1.10
  • Fortinet Fortios 4.1.11
  • Fortinet Fortios 4.2.0
  • Fortinet Fortios 4.2.1
  • Fortinet Fortios 4.2.2
  • Fortinet Fortios 4.2.3
  • Fortinet Fortios 4.2.4
  • Fortinet Fortios 4.2.5
  • Fortinet Fortios 4.2.6
  • Fortinet Fortios 4.2.7
  • Fortinet Fortios 4.2.8
  • Fortinet Fortios 4.2.9
  • Fortinet Fortios 4.2.10
  • Fortinet Fortios 4.2.11
  • Fortinet Fortios 4.2.12
  • Fortinet Fortios 4.2.13
  • Fortinet Fortios 4.2.14
  • Fortinet Fortios 4.2.15
  • Fortinet Fortios 4.2.16
  • Fortinet Fortios 4.3.0
  • Fortinet Fortios 4.3.1
  • Fortinet Fortios 4.3.2
  • Fortinet Fortios 4.3.3
  • Fortinet Fortios 4.3.4
  • Fortinet Fortios 4.3.5
  • Fortinet Fortios 4.3.6
  • Fortinet Fortios 4.3.7
  • Fortinet Fortios 4.3.8
  • Fortinet Fortios 4.3.9
  • Fortinet Fortios 4.3.10
  • Fortinet Fortios 4.3.11
  • Fortinet Fortios 4.3.12
  • Fortinet Fortios 4.3.13
  • Fortinet Fortios 4.3.14
  • Fortinet Fortios 4.3.15
  • Fortinet Fortios 4.3.16
  • Fortinet Fortios 4.3.17
  • Fortinet Fortios 4.3.18
  • Fortinet Fortios 4.3.19
  • Fortinet Fortios 5.0
  • Fortinet Fortios 5.0.0
  • Fortinet Fortios 5.0.1
  • Fortinet Fortios 5.0.2
  • Fortinet Fortios 5.0.3
  • Fortinet Fortios 5.0.4
  • Fortinet Fortios 5.0.5
  • Fortinet Fortios 5.0.6
  • Fortinet Fortios 5.0.7
  • Fortinet Fortios 5.0.8
  • Fortinet Fortios 5.0.9
  • Fortinet Fortios 5.0.10
  • Fortinet Fortios 5.0.11
  • Fortinet Fortios 5.0.12
  • Fortinet Fortios 5.0.13
  • Fortinet Fortios 5.0.14
  • Fortinet Fortios 5.2.0
  • Fortinet Fortios 5.2.1
  • Fortinet Fortios 5.2.2
  • Fortinet Fortios 5.2.3
  • Fortinet Fortios 5.2.4
  • Fortinet Fortios 5.2.5
  • Fortinet Fortios 5.2.6
  • Fortinet Fortios 5.2.7
  • Fortinet Fortios 5.2.8

CVE Information:

CVE-2019-13384

Disclosure Timeline:

Publish Date: 06/04/2019
