CVE-2013-1414
FortiOS < 4.3.13 and 5.x < 5.0.2 - Cross-Site Request Forgery
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-1414. PoCs published by Sven Wurth.
AI-analyzed exploit summary This PoC demonstrates a CSRF vulnerability in Fortinet Firewalls, allowing an attacker to perform actions like rebooting the device by tricking an authenticated administrator into visiting a malicious page. The exploit leverages the lack of CSRF tokens in certain functions.
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown.
Exploits (1)
This PoC demonstrates a CSRF vulnerability in Fortinet Firewalls, allowing an attacker to perform actions like rebooting the device by tricking an authenticated administrator into visiting a malicious page. The exploit leverages the lack of CSRF tokens in certain functions.