FortiAnalyzer Cross Site Request Forgery Vulnerability

Description

Multiple CSRF vulnerabilities exist in the FortiAnalyzer web administration console due to an error in CSRF token validation. This could allow remote attackers to perform administrative actions under specific conditions.

Affected Products

FortiAnalyzer 4.x prior to version 4.3.7,FortiAnalyzer 5.x prior to version 5.0.5.

Solutions

Upgrade to FortiAnalyzer 4.3.7 or FortiAnalyzer 5.0.5.

References

• http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6826
• http://www.securityfocus.com/bid/63663