PT-2024-5558 · Fortinet · Fortiaiops

Published 2024-07-09 · Updated 2026-01-09 · CVE-2024-27783

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:P/A:P
Name of the Vulnerable Software and Affected Versions: FortiAIOps version 2.0.0

Description: The issue is related to multiple cross-site request forgery (CSRF) vulnerabilities in the graphical user interface of FortiAIOps, which may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user. The attacker tricks the victim's browser into issuing specially crafted GET requests to the interface, which the application then processes with the victim's session privileges.

Recommendations: For FortiAIOps version 2.0.0, consider disabling the vulnerable graphical user interface components until a patch is available, to prevent exploitation of the CSRF vulnerabilities. Restrict access to the interface to minimize the risk of remote attackers delivering malicious GET requests. Avoid using the interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
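Because the CSRF here rides on plain GET requests, form-token defenses do not apply, and one compensating control while no fix exists is to reject cookie-authenticated cross-site requests at a reverse proxy placed in front of the GUI. The check below is an added example, not Fortinet or FortiAIOps code; the session cookie name, trusted origin and paths in it are assumptions.

```python
# Added example (not FortiAIOps code): a proxy-side pre-filter for CSRF that is
# delivered through GET requests. Cookie name, trusted origin and header values
# are assumptions; Sec-Fetch-Site is only sent by reasonably modern browsers.
from dataclasses import dataclass, field

SESSION_COOKIE = "SESSIONID"                       # assumed GUI session cookie name
TRUSTED_ORIGIN = "https://aiops.example.internal"  # constructed: origin serving the GUI
# GET is listed on purpose: in this bug GET requests change state.
STATE_CHANGING_METHODS = {"GET", "POST", "PUT", "DELETE"}


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


def csrf_verdict(req: Request) -> str:
    """Return 'allow' or 'block' for a request bound for the GUI.

    Only requests carrying the ambient session cookie can be abused by CSRF,
    so unauthenticated traffic (including the login page) is left alone.
    """
    if SESSION_COOKIE not in req.cookies:
        return "allow"
    if req.method.upper() not in STATE_CHANGING_METHODS:
        return "allow"                          # e.g. HEAD or OPTIONS
    # Preferred signal: Fetch Metadata. 'none' covers typed URLs and bookmarks;
    # 'same-site' (a sibling host) is treated as untrusted, conservatively.
    site = req.headers.get("Sec-Fetch-Site")
    if site is not None:
        return "allow" if site in ("same-origin", "none") else "block"
    # Fallback for clients without Fetch Metadata: Origin, then Referer.
    src = req.headers.get("Origin") or req.headers.get("Referer")
    if src is None:
        return "block"                          # cannot prove same-origin: fail closed
    same = src == TRUSTED_ORIGIN or src.startswith(TRUSTED_ORIGIN + "/")
    return "allow" if same else "block"


def filter_requests(reqs):
    """Split a batch of requests (e.g. replayed from a proxy log) into (allowed, blocked)."""
    allowed, blocked = [], []
    for r in reqs:
        (allowed if csrf_verdict(r) == "allow" else blocked).append(r)
    return allowed, blocked
```

The fail-closed fallback also blocks legacy clients that strip Referer, so expect to whitelist known same-origin navigation paths if such clients are in use.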

Weakness Enumeration

CSRF

Related Identifiers

BDU:2024-06237
CVE-2024-27783

Affected Products

Fortiaiops