CVE-2013-6826

Name of the Vulnerable Software and Affected Versions FortiAnalyzer versions prior to 5.0.5

Description The issue is related to the improper validation of the csrf token parameter in the cgi-bin/module//sysmanager/admin/SYSAdminUserDialog endpoint. This allows remote attackers to perform cross-site request forgery (CSRF) attacks. CSRF is an attack that tricks the victim into performing unintended actions on a web application that they are authenticated to.

Recommendations For versions prior to 5.0.5, update to version 5.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the cgi-bin/module//sysmanager/admin/SYSAdminUserDialog endpoint until a patch is applied. Avoid using the csrf token parameter in this endpoint until the issue is resolved.