Summary
This field is not shown on advisory.The issue is tracked in Mantis 158276, 204901
Description
Multiple CSRF (Cross-Site Request Forgery) vulnerabilities exist in FortiGate because GUI pages are not protected by CSRF token. It could allow remote attackers to hijack the authentication of arbitrary users under certain conditions.
Affected Products
FortiGates running FortiOS 4.3.12 and prior versions, FortiGates running FortiOS 5.0.2 and prior versions
Solutions
Upgrade FortiGates to FortiOS version 4.3.13 or 5.0.3.