Description
A cross-site request forgery (CSRF) vulnerability in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x, FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, and FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI by tricking an authenticated administrator into executing malicious GET requests.
References (1)
Core References
Vendor Advisory
https://fortiguard.com/psirt/FG-IR-22-038
Scores
CVSS v3: 8.3
EPSS: 0.0044
EPSS Percentile: 63.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H
Details
CWE: CWE-352
Status: published
Products (8)
fortinet/fortiai: 1.1.0
fortinet/fortiai: 1.5.3
fortinet/fortimail: 6.0.0 - 6.0.12
fortinet/fortindr: 7.1.0
fortinet/fortindr: 7.0.0 - 7.0.4
fortinet/fortirecorder: 2.6.0 - 2.6.3
fortinet/fortiswitch: 6.0.0 - 6.0.7
fortinet/fortivoice: 6.0.0 - 6.0.11
Published: Dec 13, 2023
Tracked Since: Feb 18, 2026