TTCSIRT-260.010620: TT-CSIRT ADVISORY- FORTIOS SSL VPN WEB PORTAL HOST HEADER REDIRECTION

A Host Header Redirection vulnerability exists in FortiOS SSL-VPN web portal: when an attacker submits specially crafted HTTP requests, the SSL-VPN web portal may respond with a redirection to websites specified by the attacker.

If a web proxy’s cache is poisoned with the aforementioned redirection, users of this web proxy may be directed to the attacker’s specified websites when trying to access the SSL-VPN web portal.

Impact: Improper Access Control

Affected Products: FortiOS 5.4.0 to 6.0.4, 5.2.14 and below.
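As an added defensive example (not part of the advisory or Fortinet's own tooling), the script below does two things a responder would want: it checks a FortiOS version string against the affected ranges listed above, and it scans constructed proxy log lines for the symptom described above, a 3xx from the portal whose Location points at a host other than the portal's own, flagging when that host is simply the value of the request's Host header. The log format, the portal hostname vpn.example.com and all sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit

# Hostnames at which the SSL-VPN web portal is legitimately published (assumed).
PORTAL_HOSTS = {"vpn.example.com"}

# Constructed sample lines in an assumed export format from the proxy in front of
# the portal: client, request Host header, request line, status, Location header.
SAMPLE_LOG = """\
10.0.0.5 host="vpn.example.com" "GET /remote/login HTTP/1.1" 200 location="-"
10.0.0.9 host="evil.example.net" "GET /remote/login HTTP/1.1" 302 location="https://evil.example.net/remote/login"
10.0.0.5 host="vpn.example.com" "GET /remote/login HTTP/1.1" 302 location="https://vpn.example.com/remote/login"
203.0.113.7 host="vpn.example.com:443" "GET / HTTP/1.1" 301 location="/remote/login"
"""

LINE_RE = re.compile(
    r'^(?P<client>\S+) host="(?P<host>[^"]*)" "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) location="(?P<location>[^"]*)"$'
)

def is_affected(version):
    """True for FortiOS 5.2.14 and below, or 5.4.0 through 6.0.4 (per the advisory)."""
    v = tuple(int(x) for x in version.split("."))
    return v <= (5, 2, 14) or (5, 4, 0) <= v <= (6, 0, 4)

def host_only(value):
    # Drop an explicit port so "vpn.example.com:443" compares as "vpn.example.com".
    return value.split(":")[0].lower()

def offsite_redirect(rec):
    """Return (target_host, reflected) for a 3xx whose Location leaves the portal,
    or None. 'reflected' means the target equals the request's Host header."""
    if not rec["status"].startswith("3") or rec["location"] in ("", "-"):
        return None
    target = urlsplit(rec["location"]).hostname
    if target is None:  # relative Location: same host, not an off-site redirect
        return None
    target = target.lower()
    if target in PORTAL_HOSTS:
        return None
    return target, target == host_only(rec["host"])

def find_suspicious(log_text):
    """List (client, request Host, Location, reflected) for off-site redirects."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a real deployment would count these
        rec = m.groupdict()
        result = offsite_redirect(rec)
        if result:
            hits.append((rec["client"], rec["host"], rec["location"], result[1]))
    return hits
```

A reflected hit (Host header equal to the redirect target) is the pattern that a poisoned proxy cache would serve to later users, so those entries deserve the first look.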

Solutions: Upgrade to FortiOS 5.2.15, 6.0.5 or 6.2.0

Workarounds: The risk is low as the attack needs to be combined with other attacks to have an impact.

As a measure of precaution, administrators may want to disable the SSL-VPN web portal service by applying the following CLI commands:

config vpn ssl settings
unset source-interface
end

Revision History: 2019-05-17 Initial version, 2020-01-03 New fix on 5.2.15 released.

The Trinidad and Tobago Cyber Security Incident Response Team (TTCSIRT) encourages users and administrators to review FortiOS 5.4.0 to 6.0.4, 5.2.14 and below and perform the relevant upgrades.

For further review please see the following link: