Cross-Site Request Forgery Vulnerability in Fortinet FortiNDR
CVE-2023-48790

7.1HIGH

Key Information:

Vendor: Fortinet
Status: Fortindr
Vendor: CVE Published:; 11 March 2025

What is CVE-2023-48790?

A Cross-Site Request Forgery vulnerability in Fortinet FortiNDR could enable a remote unauthenticated attacker to exploit the system by sending crafted HTTP GET requests. This flaw affects multiple versions of FortiNDR, allowing attackers to perform unauthorized actions without proper authentication, which could compromise system integrity and security.

Affected Version(s)

FortiNDR 7.4.0

FortiNDR 7.2.0 <= 7.2.1

FortiNDR 7.1.0 <= 7.1.1

References

https://fortiguard.fortinet.com/psirt/FG-IR-23-353

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Nov 19, 2023