SSL-VPN portal is vulnerable to CSRF

Summary

An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy and FortiGate SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability.

Affected Products

FortiProxy versions 2.0.3 and below.
FortiProxy version 1.2.11 and below.
FortiGate version 7.0.0.
FortiGate versions 6.4.6 and below.
FortiGate versions 6.2.9 and below.
FortiGate versions 5.6.x and 6.0.x are also impacted.

Solutions

Please upgrade to FortiProxy version 2.0.4 or above.
Please upgrade to FortiProxy version 1.2.12 or above.


Please upgrade to FortiGate version 7.0.1 or above.
Please upgrade to FortiGate version 6.4.7 or above.
Please upgrade to FortiGate version 6.2.10 or above.

Acknowledgement

Fortinet is pleased to thank Gabriel Costa Castello and Pablo Valle Alvear for bringing this issue to our attention under responsible disclosure.

Timeline

2021-12-07: Initial publication