FortiWeb < 5.2.0 Multiple XSRF Vulnerabilities

Medium

Synopsis

The remote host is affected by multiple cross-site request forgery vulnerabilities.

Description

The remote host is running a version of FortiWeb prior to 5.2.0. It is, therefore, affected by multiple cross-site request forgery (XSRF) vulnerabilities in the web UI due to a lack of XSRF token protection. A remote, unauthenticated attacker could potentially exploit these vulnerabilities to perform administrative actions.

Solution

Upgrade to FortiWeb version 5.2.0 or later.