CVE-2019-6696

Summary

An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiOS6.2.1affected
FortinetFortinet FortiOS6.2.0affected
FortinetFortinet FortiOS6.0.8 and below until 5.4.0affected

Weaknesses

  • Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References