CVE-2022-27488: CSRF

First published: Wed Dec 13 2023(Updated: )

A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet Fortiai	=1.1.0
Fortinet Fortiai	=1.5.3
Fortinet FortiMail	>=6.0.0<=6.0.12
Fortinet FortiMail	>=6.2.0<=6.2.9
Fortinet FortiMail	>=6.4.0<=6.4.6
Fortinet FortiMail	>=7.0.0<=7.0.3
Fortinet FortiNDR	>=7.0.0<=7.0.4
Fortinet FortiNDR	=7.1.0
Fortinet FortiRecorder	>=2.6.0<=2.6.3
Fortinet FortiRecorder	>=2.7.0<=2.7.7
Fortinet FortiRecorder	>=6.0.0<=6.0.11
Fortinet FortiRecorder	>=6.4.0<=6.4.2
Fortinet FortiVoice	>=6.0.0<=6.0.11
Fortinet FortiVoice	>=6.4.0<=6.4.7
Fortinet FortiSwitch	>=6.0.0<=6.0.7
Fortinet FortiSwitch	>=6.2.0<=6.2.7
Fortinet FortiSwitch	>=6.4.0<=6.4.10
Fortinet FortiSwitch	>=7.0.0<=7.0.4

Remedy

Please upgrade to FortiVoice version 7.0.0 or above Please upgrade to FortiVoice version 6.4.8 or above Please upgrade to FortiVoice version 6.0.12 or above Please upgrade to FortiRecorder version 7.0.0 or above Please upgrade to FortiRecorder version 6.4.3 or above Please upgrade to FortiRecorder version 6.0.12 or above Please upgrade to FortiSwitch version 7.2.0 or above Please upgrade to FortiSwitch version 7.0.5 or above Please upgrade to FortiSwitch version 6.4.11 or above Please upgrade to FortiNDR version 7.2.0 or above Please upgrade to FortiNDR version 7.1.1 or above Please upgrade to FortiNDR version 7.0.5 or above Please upgrade to FortiMail version 7.2.0 or above Please upgrade to FortiMail version 7.0.4 or above Please upgrade to FortiMail version 6.4.7 or above

Never miss a vulnerability like this again

Reference Links

https://fortiguard.com/psirt/FG-IR-22-038

agent/type
agent/event
agent/first-publish-date
agent/severity
agent/weakness
agent/references
agent/remedy
agent/author
agent/description
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/fortinet
canonical/fortinet fortiai
version/fortinet fortiai/1.1.0
version/fortinet fortiai/1.5.3
canonical/fortinet fortimail
version/fortinet fortimail/6.0.0
version/fortinet fortimail/6.0.12
version/fortinet fortimail/6.2.0
version/fortinet fortimail/6.2.9
version/fortinet fortimail/6.4.0
version/fortinet fortimail/6.4.6
version/fortinet fortimail/7.0.0
version/fortinet fortimail/7.0.3
canonical/fortinet fortindr
version/fortinet fortindr/7.0.0
version/fortinet fortindr/7.0.4
version/fortinet fortindr/7.1.0
canonical/fortinet fortirecorder
version/fortinet fortirecorder/2.6.0
version/fortinet fortirecorder/2.6.3
version/fortinet fortirecorder/2.7.0
version/fortinet fortirecorder/2.7.7
version/fortinet fortirecorder/6.0.0
version/fortinet fortirecorder/6.0.11
version/fortinet fortirecorder/6.4.0
version/fortinet fortirecorder/6.4.2
canonical/fortinet fortivoice
version/fortinet fortivoice/6.0.0
version/fortinet fortivoice/6.0.11
version/fortinet fortivoice/6.4.0
version/fortinet fortivoice/6.4.7
canonical/fortinet fortiswitch
version/fortinet fortiswitch/6.0.0
version/fortinet fortiswitch/6.0.7
version/fortinet fortiswitch/6.2.0
version/fortinet fortiswitch/6.2.7
version/fortinet fortiswitch/6.4.0
version/fortinet fortiswitch/6.4.10
version/fortinet fortiswitch/7.0.0
version/fortinet fortiswitch/7.0.4

CVE-2022-27488: CSRF

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact