CVE-2024-27783

Severity
8.8 HIGH
EPSS
1.1%
top 22.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jul 9

Description

Multiple cross-site request forgery (CSRF) weaknesses [CWE-352] in Fortinet FortiAIOps 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user by tricking the victim into executing malicious GET requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Exploitability: 2.8 | Impact: 4.7

Affected Packages (2 packages)

CVEListV5: fortinet/fortiaiops 2.0.0
NVD: fortinet/fortiaiops 2.0.0

Vulnerability Details (2)

GHSA
GHSA-h7v8-g696-gjw8: Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2 (2024-07-09)
CVEList
CVE-2024-27783: Multiple cross-site request forgery (CSRF) weaknesses [CWE-352] vulnerability in Fortinet FortiAIOps 2 (2024-07-09)

Vendor Advisories (1)

Fortinet
Multiple cross-site request forgery (CSRF) weaknesses [CWE-352] vulnerability in Fortinet FortiAIOps 2.0.0 may allow an... (2024-07-09)
CVE-2024-27783 (HIGH CVSS 8.8) | Multiple cross-site request forgery | cvebase.io