CVE-2024-27783 in FortiAIOps

Summary

by MITRE • 07/09/2024

Multiple cross-site request forgery (CSRF) weaknesses [CWE-352] in Fortinet FortiAIOps 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user by tricking the victim into executing malicious GET requests.


Analysis

by VulDB Data Team • 01/09/2026

CVE-2024-27783 is a critical cross-site request forgery weakness affecting Fortinet FortiAIOps version 2.0.0. It is classified under CWE-352, which covers CSRF flaws that let an attacker perform unauthorized actions on behalf of an authenticated user. The weakness lies in the FortiAIOps web interface, giving an unauthenticated remote attacker a way to act within an authenticated session by means of crafted malicious requests.

Technically, the flaw lets an attacker construct malicious GET requests that, when executed by an authenticated user's browser, trigger unintended operations in the FortiAIOps environment. This is possible because the application neither validates the origin of requests nor requires anti-CSRF tokens for state-changing operations. The affected surface is the web-based management interface where authenticated users perform administrative tasks, which makes the flaw particularly dangerous: the attacker needs no credentials of their own.

The operational impact extends beyond simple data manipulation or theft. An attacker could potentially execute administrative commands, modify system configurations, access sensitive data, or escalate privileges within the FortiAIOps environment. Because the attack is remote, exploitation can originate anywhere on the internet, which is especially concerning for organizations that expose the FortiAIOps interface to external networks. The vulnerability directly violates the principle of least privilege and can lead to complete compromise of the security posture of systems that rely on FortiAIOps for threat detection and response.

Organizations should implement mitigations immediately: deploy a web application firewall to detect and block suspicious request patterns, ensure that every state-changing operation requires a valid anti-CSRF token, and apply strict access controls that limit exposure of the FortiAIOps management interface. The ATT&CK framework maps this class of vulnerability to T1566 (Phishing) and T1071.001 (Application Layer Protocol: Web Protocols), which underlines the need for both network-level protections and user awareness training. Proper session management, including secure cookies with appropriate flags, and regular security assessments of web applications should also be prioritized to keep similar weaknesses out of other components of the security infrastructure.
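The defenses named above (no state changes over GET, origin validation, a per-session anti-CSRF token, and restrictive cookie attributes) can be shown in one server-side gate. The following is an added illustration written for this page; it is not FortiAIOps code and not VulDB's, and the management hostname, the header names checked, and the minimal Request model are assumptions chosen for the example.

```python
"""
Constructed example: server-side CSRF defenses for a state-changing
management endpoint. Not FortiAIOps code; the request shape, header names
and hostname are assumptions made for illustration.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Origin the management interface is served from (assumed for the example).
ALLOWED_ORIGIN = "https://aiops.example.internal"


@dataclass
class Request:
    """Minimal request model: method, headers, cookies and form fields."""
    method: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def new_csrf_token() -> str:
    """Per-session synchronizer token; store it server-side with the session."""
    return secrets.token_urlsafe(32)


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value with the attributes that limit cross-site use:
    SameSite=Strict stops the browser attaching the cookie to cross-site
    requests, Secure keeps it off plaintext HTTP, HttpOnly keeps it from JS."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Strict"


def origin_is_trusted(headers: dict) -> bool:
    """Browsers send Origin on cross-site form posts; fall back to Referer.
    If neither header is present, fail closed."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == ALLOWED_ORIGIN


def state_change_allowed(req: Request, session_token: str) -> tuple:
    """Gate for any endpoint that changes state (config edits, admin actions).
    Returns (allowed, reason) so rejections can be logged for detection."""
    # 1. Safe methods must never change state. A GET that does is exactly the
    #    CWE-352 pattern the advisory describes: a link or image tag suffices.
    if req.method.upper() != "POST":
        return False, "state change attempted with non-POST method"
    # 2. The request must come from the management interface itself.
    if not origin_is_trusted(req.headers):
        return False, "missing or foreign Origin/Referer"
    # 3. The token submitted with the form must match the one bound to the
    #    session; compare in constant time to avoid leaking timing information.
    submitted = req.form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), session_token.encode()):
        return False, "csrf token missing or mismatched"
    return True, "ok"


if __name__ == "__main__":
    token = new_csrf_token()
    # Constructed cross-site GET of the kind CWE-352 describes.
    forged = Request("GET", headers={"Origin": "https://attacker-site.example"})
    print(state_change_allowed(forged, token))
    # Constructed legitimate submission from the management UI.
    legit = Request("POST", headers={"Origin": ALLOWED_ORIGIN},
                    form={"csrf_token": token})
    print(state_change_allowed(legit, token))
```

The three checks are layered deliberately: a SameSite=Strict cookie and an Origin check each stop the common cross-site cases on their own, while the synchronizer token still holds if a browser omits those headers or a cookie is set with weaker attributes. Logging the returned reason gives a detection signal for attempted forgeries against the interface.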

Responsible

Fortinet

Reservation

02/26/2024

Disclosure

07/09/2024

Moderation

accepted

CPE

ready

EPSS

0.00305

KEV

no

Activities

very low
