Description
An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.
Affected products
- fortinet / Fortinet FortiManager6.2.1 – 6.2.1
- fortinet / Fortinet FortiManager6.2.0 – 6.2.0
- fortinet / Fortinet FortiManager6.0.6 and below – 6.0.6 and below
References
- VENDOR_ADVISORYhttps://fortiguard.com/psirt/FG-IR-19-191