===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0918
                 FortiSIEM is vulnerable to a CSRF attack
                               13 March 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           FortiSIEM
Publisher:         Fortiguard
Operating System:  Network Appliance
Impact/Access:     Cross-site Request Forgery -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-17653

Original Bulletin:
   https://fortiguard.com/psirt/FG-IR-19-240

- --------------------------BEGIN INCLUDED TEXT--------------------

FortiSIEM is vulnerable to a CSRF attack

IR Number : FG-IR-19-240

Date      : Mar 12, 2020

Risk      : 3/5

Impact    : Execute Unauthorized Code or Commands

CVE ID    : CVE-2019-17653

Summary

A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of
FortiSIEM could allow a remote, unauthenticated attacker to perform arbitrary
actions using an authenticated user's session by persuading the victim to
follow a malicious link.
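As an added illustration (not part of the Fortinet advisory or the FortiSIEM code base), the following Python model shows why a followed link or an auto-submitted form can act with the victim's authenticated session, and which server-side checks stop it; the origin, session store and handler names are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed, simplified model of a web UI: an authenticated session identified by a
# cookie, plus a per-session anti-CSRF token bound to that session.
# Added illustration only; none of this is FortiSIEM code.

SITE_ORIGIN = "https://siem.example.test"  # placeholder origin of the UI

@dataclass
class Session:
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))

SESSIONS = {}  # cookie value -> Session (in-memory stand-in for a session store)

def login(user):
    """Create a session and return the cookie value the browser would store."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = Session(user)
    return sid

def handle_action(method, headers, form):
    """Gate a state-changing UI action against CSRF; returns (status, message).

    A forged cross-site request carries the victim's cookie (the browser attaches
    it automatically) but cannot read the session-bound token and cannot choose
    the Origin header the browser sends.
    """
    session = SESSIONS.get(headers.get("Cookie", ""))
    if session is None:
        return 401, "not authenticated"
    # A clicked link is a GET: state-changing actions must not be reachable that way.
    if method != "POST":
        return 405, "state-changing actions require POST"
    # Browsers set Origin on cross-site POSTs; a page cannot override it.
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-site origin rejected"
    # Synchroniser token, compared in constant time against the session's value.
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted, session.csrf_token):
        return 403, "missing or invalid CSRF token"
    return 200, "action performed for " + session.user
```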

Impact

Execute Unauthorized Code or Commands

Affected Products

FortiSIEM version 5.2.5 and below

Solutions

Please upgrade to FortiSIEM version 5.2.6 or above.

Acknowledgement

Fortinet is pleased to thank the researcher Ganoush for bringing this issue to
our attention under responsible disclosure.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================