Multiple CSRF Vulnerabilities in FortiGate
The issue is tracked in Mantis 158276, 204901.
Multiple CSRF (Cross-Site Request Forgery) vulnerabilities exist in FortiGate because GUI pages are not protected by a CSRF token. This could allow remote attackers to hijack the authentication of arbitrary users under certain conditions.
FortiGates running FortiOS 4.3.12 and prior versions, FortiGates running FortiOS 5.0.2 and prior versions
Upgrade FortiGates to FortiOS version 4.3.13 or 5.0.3.