Fortinet FortiOS < 4.3.13 / 5.0.3 Multiple XSRF

medium Nessus Plugin ID 73527

Synopsis

The remote host is affected by multiple cross-site request forgery vulnerabilities.

Description

The remote host is running FortiOS prior to 4.3.13 / 5.0.3. It is, therefore, affected by multiple cross-site request forgery vulnerabilities in web UI pages because they are not protected by XSRF tokens. An attacker could potentially exploit this vulnerability to hijack an authenticated user's session.

Solution

Upgrade to Fortinet FortiOS 4.3.13 / 5.0.3 or later.

See Also

http://www.fortiguard.com/advisory/FGA-2013-22

Plugin Details

Severity: Medium

ID: 73527

File Name: fortios_FGA-2013-22.nasl

Version: 1.4

Type: local

Family: Firewalls

Published: 4/15/2014

Updated: 7/11/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:fortinet:fortios

Required KB Items: Host/Fortigate/model, Host/Fortigate/version, Host/Fortigate/build

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/3/2013

Vulnerability Publication Date: 7/8/2013

Reference Information

CVE: CVE-2013-1414

BID: 60861