Unrated severityNVD Advisory· Published Jul 8, 2013· Updated Apr 29, 2026

CVE-2013-1414

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown.

Affected products

Fortinet/Fortios4 versions
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*range: <=4.3.12
- cpe:2.3:o:fortinet:fortios:4.3.10:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.0.1:*:*:*:*:*:*:*
Fortinet/Fortigate 1000c
cpe:2.3:h:fortinet:fortigate-1000c:-:*:*:*:*:*:*:*
Fortinet/Fortigate 100d
cpe:2.3:h:fortinet:fortigate-100d:-:*:*:*:*:*:*:*
Fortinet/Fortigate 110c
cpe:2.3:h:fortinet:fortigate-110c:-:*:*:*:*:*:*:*
Fortinet/Fortigate 1240b
cpe:2.3:h:fortinet:fortigate-1240b:-:*:*:*:*:*:*:*
Fortinet/Fortigate 200b
cpe:2.3:h:fortinet:fortigate-200b:-:*:*:*:*:*:*:*
Fortinet/Fortigate 20c
cpe:2.3:h:fortinet:fortigate-20c:-:*:*:*:*:*:*:*
Fortinet/Fortigate 300c
cpe:2.3:h:fortinet:fortigate-300c:-:*:*:*:*:*:*:*
Fortinet/Fortigate 3040b
cpe:2.3:h:fortinet:fortigate-3040b:-:*:*:*:*:*:*:*
Fortinet/Fortigate 310b
cpe:2.3:h:fortinet:fortigate-310b:-:*:*:*:*:*:*:*
Fortinet/Fortigate 311b
cpe:2.3:h:fortinet:fortigate-311b:-:*:*:*:*:*:*:*
Fortinet/Fortigate 3140b
cpe:2.3:h:fortinet:fortigate-3140b:-:*:*:*:*:*:*:*
Fortinet/Fortigate 3240c
cpe:2.3:h:fortinet:fortigate-3240c:-:*:*:*:*:*:*:*
Fortinet/Fortigate 3810a
cpe:2.3:h:fortinet:fortigate-3810a:-:*:*:*:*:*:*:*
Fortinet/Fortigate 3950b
cpe:2.3:h:fortinet:fortigate-3950b:-:*:*:*:*:*:*:*
Fortinet/Fortigate 40c
cpe:2.3:h:fortinet:fortigate-40c:-:*:*:*:*:*:*:*
Fortinet/Fortigate 5001a Sw
cpe:2.3:h:fortinet:fortigate-5001a-sw:-:*:*:*:*:*:*:*
Fortinet/Fortigate 5001b
cpe:2.3:h:fortinet:fortigate-5001b:-:*:*:*:*:*:*:*
Fortinet/Fortigate 5020
cpe:2.3:h:fortinet:fortigate-5020:-:*:*:*:*:*:*:*
Fortinet/Fortigate 5060
cpe:2.3:h:fortinet:fortigate-5060:-:*:*:*:*:*:*:*
Fortinet/Fortigate 50b
cpe:2.3:h:fortinet:fortigate-50b:-:*:*:*:*:*:*:*
Fortinet/Fortigate 5101c
cpe:2.3:h:fortinet:fortigate-5101c:-:*:*:*:*:*:*:*
Fortinet/Fortigate 5140b
cpe:2.3:h:fortinet:fortigate-5140b:-:*:*:*:*:*:*:*
Fortinet/Fortigate 600c
cpe:2.3:h:fortinet:fortigate-600c:-:*:*:*:*:*:*:*
Fortinet/Fortigate 60c
cpe:2.3:h:fortinet:fortigate-60c:-:*:*:*:*:*:*:*
Fortinet/Fortigate 620b
cpe:2.3:h:fortinet:fortigate-620b:-:*:*:*:*:*:*:*
Fortinet/Fortigate 800c
cpe:2.3:h:fortinet:fortigate-800c:-:*:*:*:*:*:*:*
Fortinet/Fortigate 80c
cpe:2.3:h:fortinet:fortigate-80c:-:*:*:*:*:*:*:*
Fortinet/Fortigate Voice 80c
cpe:2.3:h:fortinet:fortigate-voice-80c:-:*:*:*:*:*:*:*
Fortinet/Fortigaterugged 100c
cpe:2.3:h:fortinet:fortigaterugged-100c:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/26528/nvdExploit

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000