SynopsisThe remote host is affected by a host header redirection vulnerability.
DescriptionThe remote host is running a version of FortiOS prior to 5.2.15 or 5.4.0 prior to 6.0.5. It is, therefore, affected by a host header redirection vulnerability in the SSL VPN web portal due to a failure to properly validate HTTP request headers. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP request to redirect SSL VPN web portal users to arbitrary web domains.
SolutionUpgrade to Fortinet FortiOS version to 5.2.15, 6.0.5 or 6.2.0 or later. Alternatively, apply one of the workarounds outlined in the linked advisory