Multiple CSRF Vulnerabilities in FortiGate Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-13-014 Final 1 1 2013-07-08T00:00:00 Current version 2013-07-08T00:00:00 2013-07-08T00:00:00 This field is not shown on advisory.The issue is tracked in Mantis 158276, 204901 Multiple CSRF (Cross-Site Request Forgery) vulnerabilities exist in FortiGate because GUI pages are not protected by CSRF token. It could allow remote attackers to hijack the authentication of arbitrary users under certain conditions. Security Bypass FortiGates running FortiOS 4.3.12 and prior versions, FortiGates running FortiOS 5.0.2 and prior versions Upgrade FortiGates to FortiOS version 4.3.13 or 5.0.3. https://fortiguard.fortinet.com/psirt/FG-IR-13-014 Multiple CSRF Vulnerabilities in FortiGate http://packetstormsecurity.com/files/122216/Fortigate-Firewall-Cross-Site-Request-Forgery.html http://packetstormsecurity.com/files/122216/Fortigate-Firewall-Cross-Site-Request-Forgery.html CVE-2013-1414 https://fortiguard.fortinet.com/psirt/FG-IR-13-014 Multiple CSRF Vulnerabilities in FortiGate Reference> http://packetstormsecurity.com/files/122216/Fortigate-Firewall-Cross-Site-Request-Forgery.html http://packetstormsecurity.com/files/122216/Fortigate-Firewall-Cross-Site-Request-Forgery.html