CVE-2017-3126

MEDIUM

Fortinet FortiAnalyzer and FortiManager 5.4.0-5.4.2 - Open Redirect via Next Parameter

Title source: llm
STIX 2.1

Description

An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038540
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98557
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038539
Vendor Advisory x_refsource_confirm
https://fortiguard.com/psirt/FG-IR-17-014

Scores

CVSS v3 6.1
EPSS 0.0024
EPSS Percentile 47.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-601
Status published
Products (8)
fortinet/fortianalyzer_firmware 5.4.0
fortinet/fortianalyzer_firmware 5.4.1
fortinet/fortianalyzer_firmware 5.4.2
fortinet/fortimanager_firmware 5.4.0
fortinet/fortimanager_firmware 5.4.1
fortinet/fortimanager_firmware 5.4.2
Fortinet, Inc./Fortinet FortiAnalyzer, FortiManager FortiAnalyzer 5.4.2, 5.4.1, 5.4.0
Fortinet, Inc./Fortinet FortiAnalyzer, FortiManager FortiManager 5.4.2, 5.4.1, 5.4.0
Published May 27, 2017
Tracked Since Feb 18, 2026