Cross Site Request Forgery in admin endpoint Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-23-353 Final 1 1 2025-03-11T00:00:00 Current version 2025-03-11T00:00:00 2025-03-11T00:00:00 A cross site request forgery vulnerability [CWE-352] in FortiNDR may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests. None Execute unauthorized code or commands None Internally discovered and reported by Dipanjan Das of Fortinet Vulnerability Research team. FortiNDR 7.4.0 FortiNDR 7.2.1 FortiNDR 7.2.0 FortiNDR 7.1.1 FortiNDR 7.1.0 FortiNDR 7.0.5 FortiNDR 7.0.4 FortiNDR 7.0.3 FortiNDR 7.0.2 FortiNDR 7.0.1 FortiNDR 7.0.0 FortiNDR 1.5.3 FortiNDR 1.5.2 FortiNDR 1.5.1 FortiNDR 1.5.0 CVE-2023-48790 FortiNDR-7.4.0 FortiNDR-7.2.1 FortiNDR-7.2.0 FortiNDR-7.1.1 FortiNDR-7.1.0 FortiNDR-7.0.5 FortiNDR-7.0.4 FortiNDR-7.0.3 FortiNDR-7.0.2 FortiNDR-7.0.1 FortiNDR-7.0.0 FortiNDR-1.5.3 FortiNDR-1.5.2 FortiNDR-1.5.1 FortiNDR-1.5.0 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-23-353 Cross Site Request Forgery in admin endpoint Reference>