PT-2025-10768 · Fortinet · FortiNDR
Published: 2025-03-11
Updated: 2025-07-22
CVE-2023-48790
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Fortinet FortiNDR versions 7.1.0 through 7.1.1
Fortinet FortiNDR versions 7.2.0 through 7.2.1
Fortinet FortiNDR version 7.4.0
Fortinet FortiNDR versions prior to 7.0.5
Description:
A cross-site request forgery vulnerability in Fortinet FortiNDR may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests.
Recommendations:
For Fortinet FortiNDR versions 7.1.0 through 7.1.1, update to a version that fixes the vulnerability.
For Fortinet FortiNDR versions 7.2.0 through 7.2.1, update to a version that fixes the vulnerability.
For Fortinet FortiNDR version 7.4.0, update to a version that fixes the vulnerability.
For Fortinet FortiNDR versions prior to 7.0.5, update to a version that fixes the vulnerability.
As a temporary workaround, consider restricting access to vulnerable API endpoints until a patch is available.
Avoid using crafted HTTP GET requests in the affected Fortinet FortiNDR versions until the issue is resolved.
Fix
CSRF
Affected Products
FortiNDR