PSIRT Advisory
FortiManager Cross-Site WebSocket Hijacking (CSWSH)
Summary
An Insufficient Verification of Data Authenticity vulnerability in FortiManager may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.
Impact
Improper Access Control
Affected Products
FortiManager versions 6.2.0 to 6.2.1, and 6.0.6 and below
Solutions
Upgrade to FortiManager 6.2.2 or 6.0.7
Acknowledgement
Fortinet is pleased to thank the independent research team of Denis Kolegov, Maxim Gorbunov, Nikita Oleksov and Anton Nikolaev for reporting this issue under responsible disclosure.