#VU84453 Cross-site request forgery in Fortinet FortiMail


Published: 2023-12-15

Vulnerability identifier: #VU84453

Vulnerability risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-27488

CWE-ID: CWE-352

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Fortinet FortiMail
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Fortinet, Inc

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin in HTTPd CLI console. A remote attacker can trick the administrator to visit a specially crafted web page and execute arbitrary CLI commands available via HTTP GET requests.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Fortinet FortiMail: 6.0.0 - 7.0.3

External links
http://fortiguard.com/psirt/FG-IR-22-038

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


CSRF in FortiNDR HTTPd CLI console
CSRF in FortiVoice HTTPd CLI console
CSRF in FortiSwitch HTTPd CLI console
CSRF in FortiRecorder HTTPd CLI console
CSRF in FortiMail HTTPd CLI console