cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/63663 | Exploit |
http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt | Exploit |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2013-11-20 06:12
Updated : 2013-11-20 09:10
NVD link : CVE-2013-6826
Mitre link : CVE-2013-6826
JSON object : View
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Products Affected
fortinet
- fortianalyzer-4000b
- fortianalyzer-3000d
- fortianalyzer-200d
- fortianalyzer-2000b
- fortianalyzer-1000d
- fortianalyzer_firmware
- fortianalyzer-300d