Fortinet FortiOS < 4.3.13 / 5.0.3 Multiple XSRF

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple cross-site request forgery
vulnerabilities.

Description :

The remote host is running a version of FortiOS prior to 4.3.13 /
5.0.3. It is, therefore, affected by multiple cross-site request
forgery vulnerabilities because its web UI pages are not protected by
XSRF tokens. An attacker could potentially exploit these
vulnerabilities to hijack an authenticated user's session.

See also :

http://www.fortiguard.com/advisory/FGA-2013-22

Solution :

Upgrade to Fortinet FortiOS 4.3.13 / 5.0.3 or later.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Firewalls

Nessus Plugin ID: 73527

Bugtraq ID: 60861

CVE ID: CVE-2013-1414
