First published: Mon Jul 08 2013 (Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiOS IPS Engine | <=4.3.12 | |
| Fortinet FortiOS IPS Engine | =4.3.10 | |
| Fortinet FortiOS IPS Engine | =5.0 | |
| Fortinet FortiOS IPS Engine | =5.0.1 | |
| Fortinet Fortigate-1000c | | |
| Fortinet Fortigate-100d | | |
| Fortinet Fortigate-110c | | |
| Fortinet Fortigate-1240b | | |
| Fortinet Fortigate-200b | | |
| Fortinet Fortigate-20c | | |
| Fortinet Fortigate-300c | | |
| Fortinet Fortigate | | |
| Fortinet Fortigate-310b | | |
| Fortinet Fortigate-311b | | |
| Fortinet Fortigate-3140b | | |
| Fortinet Fortigate-3240c | | |
| Fortinet Fortigate-3810a | | |
| Fortinet Fortigate-40c | | |
| Fortinet Fortigate-5001A | | |
| Fortinet Fortigate-5001b | | |
| Fortinet Fortigate-5101C | | |
| Fortinet Fortigate-5140b | | |
| Fortinet Fortigate-60c | | |
| Fortinet Fortigate-620b | | |
| Fortinet Fortigate-800c | | |
| Fortinet Fortigate-voice-80c | | |
| Fortinet FortiGate Rugged-100C | | |
CVE-2013-1414 has a critical severity rating due to its ability to allow unauthorized changes to FortiGate firewall settings.
To fix CVE-2013-1414, upgrade Fortinet FortiOS to version 4.3.13 or later, or to any 5.x version higher than 5.0.2.
The potential impacts of CVE-2013-1414 include unauthorized access to administrative functions, allowing attackers to modify settings, policies, or restart the device.
CVE-2013-1414 affects various Fortinet FortiGate firewall devices running FortiOS versions prior to 4.3.13 and 5.x versions before 5.0.2.
CVE-2013-1414 can be exploited remotely: an attacker who lures a logged-in administrator into issuing a crafted request can hijack that administrator's authenticated session.