FortiWeb CSRF Vulnerability

Summary

A CSRF vulnerability could allow attackers to change the admin password with crafted forms.

Description

There is a CSRF vulnerability in the FortiWeb console, on the dashboard. Attackers may submit local forms to change the admin password illegally.

Impact Detail

There is a CSRF vulnerability in the FortiWeb console, on the dashboard. Attackers may submit local forms to change the admin password illegally.

Affected Products

FortiWeb

Solutions

Upgrade to FortiWeb 5.5.3.

Acknowledgement

Fortinet is pleased to thank Ewoud Vlasselaer from Dimension Data Belgium for reporting a FortiWeb vulnerability under responsible disclosure.