CVE-2023-48790
Published: 11 March 2025
Description
Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.
Security Summary
CVE-2023-48790 is a cross-site request forgery (CSRF) vulnerability, classified under CWE-352, affecting Fortinet FortiNDR in versions 7.4.0, 7.2.0 through 7.2.1, 7.1.0 through 7.1.1, and all versions before 7.0.5. The flaw enables a remote unauthenticated attacker to execute unauthorized actions by tricking users into interacting with crafted HTTP GET requests. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high potential impact on confidentiality, integrity, and availability despite requiring user interaction and high attack complexity.
A remote unauthenticated attacker can exploit this vulnerability by crafting malicious HTTP GET requests that mimic legitimate ones, relying on a victim to access a malicious site or click a link while authenticated to the FortiNDR interface. Successful exploitation requires the user to perform the action unknowingly, potentially allowing the attacker to execute arbitrary unauthorized operations on the targeted system, such as modifying configurations or accessing sensitive data.
For mitigation details, refer to the Fortinet PSIRT advisory at https://fortiguard.fortinet.com/psirt/FG-IR-23-353, which provides guidance on patches and workarounds for affected FortiNDR versions.
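The advisory points out that the forged requests are plain HTTP GETs issued from a page the victim is lured to while logged in. The following request gate is an added example of the generic defence against that pattern; it is not Fortinet code or anything from the PSIRT advisory, and the endpoint paths, site origin and the `X-CSRF-Token` header name are assumptions:

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed sample: endpoints that change state and therefore must never be
# reachable through a GET that a third-party page can trigger (<img>, <a>, redirect).
STATE_CHANGING_PATHS = {"/api/config/update", "/api/users/delete"}


def issue_csrf_token() -> str:
    """Per-session synchronizer token the UI echoes back in X-CSRF-Token (assumed header)."""
    return secrets.token_urlsafe(32)


def is_csrf_safe(request: dict, site_origin: str, session_token: str) -> bool:
    """Decide whether a request may proceed. Assumes the front end supplies
    method, path and headers as plain strings."""
    method = request["method"].upper()
    path = request["path"]
    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}

    # 1. Safe methods carry no token, so they must not be allowed to change state.
    #    This is the exact gap a GET-based CSRF relies on.
    if method in ("GET", "HEAD", "OPTIONS"):
        return path not in STATE_CHANGING_PATHS

    # 2. Browser-supplied origin signals: a cross-site request is rejected outright.
    fetch_site = headers.get("sec-fetch-site")
    if fetch_site and fetch_site not in ("same-origin", "none"):
        return False
    source = headers.get("origin") or headers.get("referer")
    if source:
        parts = urlsplit(source)
        if f"{parts.scheme}://{parts.netloc}" != site_origin:
            return False  # also rejects the literal "null" origin

    # 3. The session-bound token must match, compared in constant time.
    supplied = headers.get("x-csrf-token", "")
    return hmac.compare_digest(supplied.encode(), session_token.encode())
```

Step 1 alone closes the GET vector described in the advisory; steps 2 and 3 are what keep the same flaw from reappearing on the POST endpoints.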
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CSRF vulnerability enables unauthorized actions when an authenticated user is tricked into clicking a crafted malicious link or accessing a malicious site, directly facilitating exploitation via drive-by compromise, malicious link user execution, and spearphishing links.