PSIRT

CORS: arbitrary origin trusted

Summary

A permissive cross-domain policy with untrusted domains (CWE-942) vulnerability in the API of FortiADC / FortiDDoS-F may allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests.

Version	Affected	Solution
FortiADC 7.2	Not affected	Not Applicable
FortiADC 7.1	7.1.0 through 7.1.1	Upgrade to 7.1.2 or above
FortiDDoS-F 6.5	Not affected	Not Applicable
FortiDDoS-F 6.4	6.4.0 through 6.4.1	Upgrade to 6.4.2 or above
FortiDDoS-F 6.3	6.3 all versions	Migrate to a fixed release

Timeline

2023-10-17: Initial publication

IR Number	FG-IR-22-518
Published Date	Nov 14, 2023
Updated Date	Oct 17, 2023
Severity	Medium
CVSSv3 Score	5.4
Impact	Improper access control
CVE ID
Download	CVRF

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

PSIRT

CORS: arbitrary origin trusted

Summary

Timeline

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

PSIRT

CORS: arbitrary origin trusted

Summary

Timeline

Threat Intelligence
Center