Multiple CSRF Vulnerabilities in FortiGate


The issue is tracked in Mantis 158276, 204901.

Description

Multiple CSRF (Cross-Site Request Forgery) vulnerabilities exist in FortiGate because GUI pages are not protected by a CSRF token. This could allow remote attackers to hijack the authentication of arbitrary users under certain conditions.
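
The kind of check the description says is missing, as an added example (not Fortinet code and not part of the original advisory): a handler that trusts the session cookie alone, beside one that also requires a per-session token. The `Session` class, the handler names, the `csrf_token` field and the sample requests are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # assumed to never change state


class Session:
    """Hypothetical server-side record for one logged-in administrator."""

    def __init__(self):
        self.session_id = secrets.token_hex(16)  # sent to the browser as a cookie
        self.csrf_key = secrets.token_bytes(32)  # stays on the server


def issue_token(session):
    """Token the server embeds in its own forms, bound to this session."""
    mac = hmac.new(session.csrf_key, session.session_id.encode(), hashlib.sha256)
    return mac.hexdigest()


def handle_unprotected(session, method, form):
    """Before: the cookie-derived session alone authorizes the change."""
    return 200 if session else 401


def handle_protected(session, method, form):
    """After: state-changing requests must also carry the session's token."""
    if session is None:
        return 401
    if method in SAFE_METHODS:
        return 200
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), issue_token(session).encode()):
        return 403  # cookie was attached by the browser, token was not
    return 200


def demo():
    """Constructed requests: one from the GUI's own form, one cross-site."""
    admin = Session()
    own_form = {"hostname": "fw-lab", "csrf_token": issue_token(admin)}
    cross_site = {"hostname": "fw-lab"}  # cookie rides along, no token
    return {
        "unprotected_cross_site": handle_unprotected(admin, "POST", cross_site),
        "protected_cross_site": handle_protected(admin, "POST", cross_site),
        "protected_own_form": handle_protected(admin, "POST", own_form),
    }


if __name__ == "__main__":
    print(demo())
```

The token is derived from a key that never leaves the server, so a page on another origin cannot supply it even though the browser attaches the session cookie automatically.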

Affected Products

FortiGates running FortiOS 4.3.12 and prior versions, FortiGates running FortiOS 5.0.2 and prior versions


Solution

Upgrade FortiGates to FortiOS version 4.3.13 or 5.0.3.