CVE-2014-3115

Name of the Vulnerable Software and Affected Versions FortiWeb versions prior to 5.2.0

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console. These vulnerabilities allow remote attackers to hijack the authentication of administrators. The attack vectors include the API endpoint "system/config/adminadd" and other unspecified vectors.

Recommendations For versions prior to 5.2.0, update to version 5.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the web administration console to minimize the risk of exploitation. Avoid using the vulnerable API endpoint "system/config/adminadd" until the issue is resolved.