FortiManager Cross-Site WebSocket Hijacking (CSWSH)
An Insufficient Verification of Data Authenticity vulnerability in FortiManager may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.
Improper Access Control
FortiManager 6.2.0 to 6.2.1, 6.0.6 and below
Upgrade to FortiManager 6.2.2 or 6.0.7
Fortinet is pleased to thank Independent research team Denis Kolegov, Maxim Gorbunov, Nikita Oleksov and Anton Nikolaev for reporting this issue under responsible disclosure.