CVE-2019-17653

8.8HIGH

Key Information:

Vendor
Fortinet
Status
Fortinet Fortisiem
Vendor
CVE Published:
12 March 2020

Summary

A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link.

Affected Version(s)

Fortinet FortiSIEM 5.2.5

References

https://fortiguard.com/psirt/FG-IR-19-240
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.