FortiMail / FortiNDR / FortiRecorder / FortiSwitch / FortiVoice – Cross-site scripting forgery (CSRF) in HTTPd CLI console

Fortiguard Security Advisory

A cross-site scripting forgery vulnerability [CWE-352] in FortiMail, FortiNDR, FortiRecorder, FortiSwitch & FortiVoiceEnterprise may allow a remote and unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.

READ MORE