CVE-2019-6696

MEDIUM

FortiOS 5.4.0-6.0.8 - URL Redirection via Admin Initial Password Change Webpage

Title source: llm
STIX 2.1

Description

An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://fortiguard.com/psirt/FG-IR-19-179

Scores

CVSS v3 6.1
EPSS 0.0020
EPSS Percentile 41.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-601 CWE-20
Status published
Products (3)
fortinet/fortios 6.2.0
fortinet/fortios 6.2.1
fortinet/fortios 5.4.0 - 6.0.8
Published Mar 15, 2020
Tracked Since Feb 18, 2026