PSIRT Advisory
FortiWeb Cross-Site Request Forgery Vulnerability
Description
Multiple CSRF vulnerabilities exist in the FortiWeb web administration console due to lack of CSRF token protection. This could allow remote attackers to perform administrative actions under specific conditions.
Impact
Authorization Bypass
Affected Products
FortiWeb 5.1.x and lower.
Solutions
Upgrade to FortiWeb 5.2.0 or higher.
Acknowledgement
This vulnerability was separately reported by both William Costa and Enrique Nissim.