SSL-VPN portal is vulnerable to CSRF
Summary
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy and FortiGate SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability.
Affected Products
FortiProxy versions 2.0.3 and below.
FortiProxy version 1.2.11 and below.
FortiGate version 7.0.0.
FortiGate versions 6.4.6 and below.
FortiGate versions 6.2.9 and below.
FortiGate versions 5.6.x and 6.0.x are also impacted.
Solutions
Please upgrade to FortiProxy version 2.0.4 or above.
Please upgrade to FortiProxy version 1.2.12 or above.
Please upgrade to FortiGate version 7.0.1 or above.
Please upgrade to FortiGate version 6.4.7 or above.
Please upgrade to FortiGate version 6.2.10 or above.
Acknowledgement
Fortinet is pleased to thank Gabriel Costa Castello and Pablo Valle Alvear for bringing this issue to our attention under responsible disclosure.Timeline
2021-12-07: Initial publication