FortiManager Cross-Site WebSocket Hijacking (CSWSH)
Summary
An Insufficient Verification of Data Authenticity vulnerability in FortiManager may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.
Affected Products
FortiManager 6.2.0 to 6.2.1, 6.0.6 and earlierSolutions
Upgrade to FortiManager 6.2.2 or 6.0.7Acknowledgement
Fortinet is pleased to thank Independent research team Denis Kolegov, Maxim Gorbunov, Nikita Oleksov and Anton Nikolaev for reporting this issue under responsible disclosure.