CVE-2013-6826

2022-10-0316:14:51

CWE-352

[email protected]

web.nvd.nist.gov

fortinet

fortianalyzer

cve-2013-6826

csrf

vulnerability

security

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.2%

JSON

cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.

Affected configurations

NVD

Node

fortinetfortianalyzer_firmwareRange≤5.0.4

AND

fortinetfortianalyzer-1000dMatch-

fortinetfortianalyzer-2000bMatch-

fortinetfortianalyzer-200dMatch-

fortinetfortianalyzer-3000dMatch-

fortinetfortianalyzer-300dMatch-

fortinetfortianalyzer-4000bMatch-

CPENameOperatorVersion
fortinet:fortianalyzer_firmwarefortinet fortianalyzer firmwarele5.0.4
fortinet:fortianalyzer-1000dfortinet fortianalyzer-1000deq-
fortinet:fortianalyzer-2000bfortinet fortianalyzer-2000beq-
fortinet:fortianalyzer-200dfortinet fortianalyzer-200deq-
fortinet:fortianalyzer-3000dfortinet fortianalyzer-3000deq-
fortinet:fortianalyzer-300dfortinet fortianalyzer-300deq-
fortinet:fortianalyzer-4000bfortinet fortianalyzer-4000beq-

CPE	Name	Operator	Version
fortinet:fortianalyzer_firmware	fortinet fortianalyzer firmware	le	5.0.4
fortinet:fortianalyzer-1000d	fortinet fortianalyzer-1000d	eq	-
fortinet:fortianalyzer-2000b	fortinet fortianalyzer-2000b	eq	-
fortinet:fortianalyzer-200d	fortinet fortianalyzer-200d	eq	-
fortinet:fortianalyzer-3000d	fortinet fortianalyzer-3000d	eq	-
fortinet:fortianalyzer-300d	fortinet fortianalyzer-300d	eq	-
fortinet:fortianalyzer-4000b	fortinet fortianalyzer-4000b	eq	-