Prophaze WAF Blog

Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5

Written by Rajaneesh | Mar 16, 2020 5:03:40 PM
Overview:
A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user’s session by persuading the victim to follow a malicious link.
Affected Product(s):

CVE-2019-17653

References:

Each reference used in CVE has the following structure:

SOURCE: NAME

  • SOURCE is an alphanumeric keyword.
    (Examples: “BUGTRAQ”, “OVAL”, etc.)
  • NAME is a single line of ASCII text and can include colons and spaces.
    (Examples: “BUGTRAQ: Posting to Bugtraq mailing list”; “OVAL: Open Vulnerability and Assessment Language (OVAL) vulnerability definition”; etc.)

Where possible, the NAME is selected to facilitate searches on a SOURCE’s website. For references that do not have a well-defined identifier, a release date and/or subject header may be included.
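As an added example (not code from the original post or from the CVE project), the following parser validates reference lines against the SOURCE: NAME structure described above. The function names, the constructed sample entries, and the reading of "ASCII text" as printable ASCII are assumptions made for this illustration.

```python
import re

# SOURCE must be an alphanumeric keyword. A regex is used instead of
# str.isalnum(), which would also accept non-ASCII letters and digits.
_SOURCE_RE = re.compile(r"[A-Za-z0-9]+")


def parse_reference(line):
    """Parse one 'SOURCE: NAME' reference into a (source, name) tuple."""
    text = line.rstrip("\r\n")
    if "\n" in text or "\r" in text:
        raise ValueError("NAME must be a single line")
    # Split on the first colon only: NAME may itself contain colons.
    source, sep, name = text.partition(":")
    source, name = source.strip(), name.strip()
    if not sep:
        raise ValueError("missing ':' separator")
    if not _SOURCE_RE.fullmatch(source):
        raise ValueError("SOURCE is not an alphanumeric keyword: %r" % source)
    # Assumption: "ASCII text" is read as printable ASCII, so control
    # characters such as tabs are rejected along with non-ASCII input.
    if not name or not name.isascii() or not name.isprintable():
        raise ValueError("NAME must be non-empty printable ASCII")
    return source, name


def parse_references(lines):
    """Return (parsed, rejected); rejected holds (line, reason) pairs."""
    parsed, rejected = [], []
    for line in lines:
        if not line.strip():
            continue  # ignore blank lines between entries
        try:
            parsed.append(parse_reference(line))
        except ValueError as exc:
            rejected.append((line, str(exc)))
    return parsed, rejected


# Constructed sample input; the first two entries reuse the page's examples.
SAMPLE = [
    "BUGTRAQ: Posting to Bugtraq mailing list",
    "OVAL: Open Vulnerability and Assessment Language (OVAL) vulnerability definition",
    "MISC: https://example.com/advisory?id=1:2",  # colons inside NAME
    "BAD SOURCE: keyword contains a space",
    "no separator on this line",
    "MISC: caf\u00e9 advisory",  # non-ASCII NAME
]
```

Rejected lines are returned with the reason rather than silently dropped, so a malformed entry in an imported reference list can be reviewed by hand.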

References are typically listed in the order below:

  • Initial announcement
  • Response team advisory
  • Vendor acknowledgement/advisory
  • All other public sources