CSRF Vulnerability in Fortinet FortiVoice and Related Products
CVE-2022-27488
7.5HIGH
Key Information:
- Vendor
Fortinet
- Vendor
- CVE Published:
- 13 December 2023
What is CVE-2022-27488?
A cross-site request forgery vulnerability exists within multiple Fortinet products, including FortiVoiceEnterprise, FortiSwitch, and FortiMail. This vulnerability allows remote unauthenticated attackers to execute arbitrary commands on the command-line interface. The exploit relies on tricking authenticated administrators into sending malicious GET requests, potentially compromising sensitive administrative functions.
Affected Version(s)
FortiMail 7.0.0 <= 7.0.3
FortiMail 6.4.0 <= 6.4.6
FortiMail 6.2.0 <= 6.2.9