PSIRT Advisory
FortiAnalyzer Cross Site Request Forgery Vulnerability
Description
Multiple CSRF vulnerabilities exist in the FortiAnalyzer web administration console due to an error in CSRF token validation. This could allow remote attackers to perform administrative actions under specific conditions.
Impact
Security Bypass
Affected Products
FortiAnalyzer 4.x prior to version 4.3.7, FortiAnalyzer 5.x prior to version 5.0.5.
Solutions
Upgrade to FortiAnalyzer 4.3.7 or FortiAnalyzer 5.0.5.
References
- CVE-2013-6826: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6826