CVE-2019-16151

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Mar 21, 2025
CWE ID 79

Summary

CVE-2019-16151 is a web page generation vulnerability affecting FortiOS 6.4.1 and below, as well as 6.2.9 and below [1]. This issue, classified as CWE-79 (improper neutralization of input) [2], allows unauthenticated remote attackers to redirect users to malicious websites using a crafted "Host" header, or even execute JavaScript code in the victim's browser context [1]. FortiGate devices with web filtering and category override configurations are susceptible to this vulnerability.
