PSIRT Advisories

OpenRedirect in Malicious Generated PDF Document on FortiAnalyzer and FortiManager


An open redirect vulnerability exists in FortiAnalyzer and FortiManager when a user of the GUI converts an HTML table to a PDF document via the FortiView feature, due to a lack of user input sanitization: links contained in the table are written into the generated PDF without being validated.

An attacker may be able to social engineer a user of the FortiAnalyzer/FortiManager GUI into generating a PDF file containing malicious URLs.
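The following is an added illustration of the vulnerability class described above; it is not Fortinet's code and does not reflect how FortiView is implemented. It models the conversion step as a pass-through that embeds every href found in the table into the PDF, next to a hardened variant that only keeps links to an assumed trusted host over http(s) and rejects links whose query string redirects off-site. The sample table, the host name, the allow-list and the redirect parameter names are all constructed for the example.

```python
"""
Added example (not Fortinet's code): why unsanitized links in an HTML table
end up as open redirects in a generated PDF, and one way to filter them.
The sample table, TRUSTED_HOSTS and REDIRECT_PARAMS are assumptions.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Assumed: the only origin that links in an exported report should point to.
TRUSTED_HOSTS = {"fortianalyzer.example.local"}
ALLOWED_SCHEMES = {"http", "https"}
# Assumed: query parameters commonly used as redirect targets.
REDIRECT_PARAMS = {"redirect", "url", "next", "return", "goto"}


class LinkCollector(HTMLParser):
    """Collects href values of <a> tags, as a naive HTML-to-PDF step would embed them."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value is not None:
                    self.links.append(value)


def extract_links(html):
    parser = LinkCollector()
    parser.feed(html)
    return parser.links


def is_safe_link(href):
    """True only for absolute http(s) links to a trusted host whose query string
    does not carry an absolute (off-site) redirect target."""
    u = urlparse(href)
    if u.scheme.lower() not in ALLOWED_SCHEMES:
        return False  # rejects javascript:, data:, file: and scheme-relative //host links
    if u.hostname is None or u.hostname.lower() not in TRUSTED_HOSTS:
        return False
    for key, values in parse_qs(u.query, keep_blank_values=True).items():
        if key.lower() in REDIRECT_PARAMS:
            for value in values:
                target = urlparse(value)
                if target.scheme or target.netloc:  # absolute target: open redirect
                    return False
    return True


def vulnerable_pdf_links(html):
    """Pass-through: every href in the table lands in the PDF unchanged."""
    return extract_links(html)


def hardened_pdf_links(html):
    """Only allow-listed links survive; everything else is dropped before rendering."""
    return [href for href in extract_links(html) if is_safe_link(href)]


# Constructed sample: a log table in which some cells carry attacker-supplied links.
SAMPLE_TABLE = """
<table>
 <tr><th>Source</th><th>Detail</th></tr>
 <tr><td>10.0.0.5</td>
     <td><a href="https://fortianalyzer.example.local/log/view?id=42">view</a></td></tr>
 <tr><td>10.0.0.9</td>
     <td><a href="https://fortianalyzer.example.local/login?redirect=https://evil.example/phish">view</a></td></tr>
 <tr><td>10.0.0.7</td>
     <td><a href="javascript:alert(1)">view</a></td></tr>
 <tr><td>10.0.0.8</td>
     <td><a href="//evil.example/update">view</a></td></tr>
</table>
"""

if __name__ == "__main__":
    print("vulnerable:", vulnerable_pdf_links(SAMPLE_TABLE))
    print("hardened:  ", hardened_pdf_links(SAMPLE_TABLE))
```

Run as a script, the vulnerable variant reports all four links, including the off-site redirect and the javascript: URL, while the hardened variant keeps only the first. A relative redirect target (for example redirect=/dashboard) is still accepted, which is the usual compromise for post-login redirects; tighten REDIRECT_PARAMS and TRUSTED_HOSTS to the real deployment.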

Affected Products

FortiAnalyzer 6.0.0, 5.6.5 and below.
FortiManager 6.0.0, 5.6.5 and below, when the FortiView feature is enabled.

Solutions

FortiAnalyzer: upgrade to 5.6.6, 6.0.1 or above.
FortiManager: upgrade to 5.6.6, 6.0.1 or above.

Since both FortiAnalyzer and FortiManager already use tokens to block Cross-site Request Forgery (CSRF) attacks, an attacker cannot trigger the PDF generation from a third-party site; the risk of successful exploitation is therefore low and relies mostly on social engineering the user into generating the PDF with attacker-supplied content.

Update History:
06-22-2018 Initial Version.
09-26-2018 New 5.6 branch fix added.

Acknowledgement

Fortinet is pleased to thank Donato Onofri, Luca Napolitano and Francesca Perrone of Business Integration Partners S.p.A. for reporting this vulnerability under responsible disclosure.