CVE-2023-48790

High CVSS 7.5

Overview

A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests.

CWE: CWE-352 Published: 2025-03-11T15:15:40.227

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.5 (HIGH)
Detected tags: csrf, unauth_access (tag impact: HIGH)

Recommended actions:

CSRF tokens, SameSite=Strict for cookies, validate Origin/Referer.
Enforce authentication/authorization; reduce default endpoint exposure.

Overview

Recommended tools

Tags