FortiAnalyzer Cross Site Request Forgery Vulnerability Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-13-018 Final 1 1 2013-11-22T00:00:00 Current version 2013-11-22T00:00:00 2013-11-22T00:00:00 Multiple CSRF vulnerabilities exist in the FortiAnalyzer web administration console due to an error in CSRF token validation. This could allow remote attackers to perform administrative actions under specific conditions. Security Bypass FortiAnalyzer 4.x prior to version 4.3.7,FortiAnalyzer 5.x prior to version 5.0.5. Upgrade to FortiAnalyzer 4.3.7 or FortiAnalyzer 5.0.5. https://fortiguard.fortinet.com/psirt/FG-IR-13-018 FortiAnalyzer Cross Site Request Forgery Vulnerability http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6826 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6826 http://www.securityfocus.com/bid/63663 http://www.securityfocus.com/bid/63663 CVE-2013-6826 https://fortiguard.fortinet.com/psirt/FG-IR-13-018 FortiAnalyzer Cross Site Request Forgery Vulnerability Reference> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6826 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6826 http://www.securityfocus.com/bid/63663 http://www.securityfocus.com/bid/63663