CVE-2021-26103
6.3MEDIUMAn insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.
Опубликовано: 12/8/2021Обновлено: 11/21/2024
Описание
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability.
ИИ-АнализНа базе ИИ
Затронутые продукты
fortinetfortiproxy
fortinetfortiproxy
fortinetfortios
fortinetfortios
fortinetfortios
fortinetfortios
fortinetfortios
7.0.0
Ссылки
- https://fortiguard.com/advisory/FG-IR-20-158PatchVendor Advisory
- https://fortiguard.com/advisory/FG-IR-20-158PatchVendor Advisory