Description
A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
E
Physical
RL
X
RC
X
Affected products
- fortinet / fortindr7.4.0 – 7.4.0
- fortinet / fortindr7.2.0 – 7.2.1
- fortinet / fortindr7.1.0 – 7.1.1
- fortinet / fortindr7.0.0 – 7.0.5
- fortinet / fortindr1.5.0 – 1.5.3
References
- VENDOR_ADVISORYhttps://fortiguard.fortinet.com/psirt/FG-IR-23-353