CVE-2021-26103
6.3MEDIUMAn insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.
게시됨: 12/8/2021업데이트됨: 11/21/2024
설명
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability.
AI 분석AI 기반
영향받는 제품
fortinetfortiproxy
fortinetfortiproxy
fortinetfortios
fortinetfortios
fortinetfortios
fortinetfortios
fortinetfortios
7.0.0
참조
- https://fortiguard.com/advisory/FG-IR-20-158PatchVendor Advisory
- https://fortiguard.com/advisory/FG-IR-20-158PatchVendor Advisory