PT-2023-8025 · Fortinet · Fortindr+4

Published 2023-12-12 · Updated 2024-01-18 · CVE-2022-27488

CVSS v2.0: 9.7 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:P/A:C
Name of the Vulnerable Software and Affected Versions

FortiVoiceEnterprise versions 6.0.x through 6.4.x
FortiSwitch versions 6.0.x through 7.0.4
FortiMail versions 6.0.x through 7.0.3
FortiRecorder versions 2.6.x through 6.4.2
FortiNDR version 1.x.x
Description

A cross-site request forgery (CSRF) issue allows a remote unauthenticated attacker to execute commands on the CLI by tricking an authenticated administrator into issuing malicious GET requests. The forged requests are sent by the administrator's browser with the administrator's session, so the attacker needs no credentials of their own: it is enough that the affected interface accepts the command over a plain GET.
Recommendations

Update to a version that includes a fix for this issue:
FortiVoiceEnterprise versions 6.0.x through 6.4.x
FortiSwitch versions 6.0.x through 7.0.4
FortiMail versions 6.0.x through 7.0.3
FortiRecorder versions 2.6.x through 6.4.2
FortiNDR version 1.x.x

As a temporary workaround, consider restricting access to the CLI to minimize the risk of exploitation.
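The description above covers the pattern, not any specific code, so the following is an added model of it (not Fortinet's code and not from this advisory): a hypothetical `/cli` endpoint that runs a `cmd` parameter for any request carrying a valid session cookie, next to a hardened handler that applies the three standard CSRF defences. Endpoint name, parameter names, the session store and the sample requests are all constructed for illustration.

```python
"""Model of the CSRF pattern described in the advisory, with a hardened
counterpart.  Added example: hypothetical endpoint and session layout,
not Fortinet's code.  Run directly to see both handlers on both requests."""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed: the management interface's own origin and one admin session.
SITE_ORIGIN = "https://admin.example.test"
SESSIONS = {"sess-abc": {"user": "admin", "csrf": secrets.token_hex(16)}}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as the web handler sees it."""
    method: str
    path: str
    params: dict = field(default_factory=dict)   # query string or form body
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)  # attached by the browser


def session_for(req: Request):
    return SESSIONS.get(req.cookies.get("session"))


def weak_cli_endpoint(req: Request):
    """Vulnerable pattern: any request (GET included) that carries a valid
    session cookie runs the command.  A link or <img> on a page the admin
    visits is enough, because the browser adds the cookie on its own."""
    sess = session_for(req)
    if sess is None:
        return 401, "unauthenticated"
    if req.path == "/cli":
        return 200, f"executed as {sess['user']}: {req.params.get('cmd', '')}"
    return 404, "not found"


def same_origin(url: str, expected: str) -> bool:
    a, b = urlparse(url), urlparse(expected)
    return (a.scheme, a.hostname, a.port) == (b.scheme, b.hostname, b.port)


def hardened_cli_endpoint(req: Request):
    """Same action guarded by three independent CSRF checks."""
    sess = session_for(req)
    if sess is None:
        return 401, "unauthenticated"
    if req.path != "/cli":
        return 404, "not found"
    # 1. State-changing work only over POST: a bare GET from a link or
    #    image tag can no longer trigger it.
    if req.method != "POST":
        return 405, "method not allowed"
    # 2. Browsers set Origin (or Referer) on cross-site form posts; reject
    #    anything that did not come from our own interface.
    src = req.headers.get("Origin") or req.headers.get("Referer")
    if src is None or not same_origin(src, SITE_ORIGIN):
        return 403, "cross-site request rejected"
    # 3. Per-session anti-CSRF token that a third-party page cannot read;
    #    constant-time compare so the check itself does not leak it.
    token = req.params.get("csrf_token", "")
    if not hmac.compare_digest(token, sess["csrf"]):
        return 403, "missing or invalid CSRF token"
    return 200, f"executed as {sess['user']}: {req.params.get('cmd', '')}"


def forged_request() -> Request:
    """Constructed: what the admin's browser sends after loading a third-party
    page that embeds the command URL.  The cookie is attached by the browser;
    the third party never sees it."""
    return Request("GET", "/cli", {"cmd": "show system status"},
                   {"Referer": "https://third-party.example.test/page"},
                   {"session": "sess-abc"})


def legitimate_request() -> Request:
    """Constructed: the same command issued from the real UI, carrying the
    token the page embedded for this session."""
    return Request("POST", "/cli",
                   {"cmd": "show system status",
                    "csrf_token": SESSIONS["sess-abc"]["csrf"]},
                   {"Origin": SITE_ORIGIN}, {"session": "sess-abc"})


if __name__ == "__main__":
    for name, handler in (("weak", weak_cli_endpoint),
                          ("hardened", hardened_cli_endpoint)):
        print(f"{name:8} forged -> {handler(forged_request())}")
        print(f"{name:8} legit  -> {handler(legitimate_request())}")
```

The weak handler returns 200 for the forged GET; the hardened one stops it at the method check, and would still stop a cross-site POST at the origin check and a same-origin request without the token at the token check. The advisory's workaround (restricting who can reach the CLI) complements these: it shrinks the set of browsers whose session could be ridden in the first place.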

Fix

Weakness Enumeration

CSRF

Related Identifiers

BDU:2024-00001
CVE-2022-27488

Affected Products

Fortimail
Fortindr
Fortirecorder
Fortiswitch
Fortivoiceenterprise