CVE-2024-27783

8.8HIGH

Key Information

Vendor: Fortinet
Status: Fortiaiops
Vendor: CVE Published:; 9 July 2024

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests.

Affected Version(s)

FortiAIOps = 2.0.0

Refferences

https://fortiguard.fortinet.com/psirt/FG-IR-24-070

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2024

Collectors

NVD DatabaseMitre Database