Sven Wurth

**Name of the Vulnerable Software and Affected Versions** FortiOS versions prior to 4.3.13 FortiOS versions 5.x prior to 5.0.2 **Description** The issue is related to a lack of authentication check for HTTP requests in the web interface of the FortiOS operating system. This can be exploited by a remote attacker to perform cross-site request forgery (CSRF) attacks, potentially allowing them to hijack administrator authentication for modifying settings, policies, or restarting the device. The exploitation can occur through specific actions, such as a rebootme action to system/maintenance/shutdown. **Recommendations** For FortiOS versions prior to 4.3.13, update to version 4.3.13 or later. For FortiOS versions 5.x prior to 5.0.2, update to version 5.0.2 or later. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.