Cross-Site Request Forgery (CSRF) Vulnerability in FortiProxy and FortiGate SSL VPN Portal

Cross-Site Request Forgery (CSRF) Vulnerability in FortiProxy and FortiGate SSL VPN Portal

CVE-2021-26103 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability.

Learn more about our Web App Pen Testing.