Fortinet FortiAnalyzer Privilege Licensing and Access Control Issues Vulnerability

2022-03-0300:00:00

China National Vulnerability Database

www.cnvd.org.cn

0.001 Low

EPSS

Percentile

42.9%

JSON

Fortinet FortiAnalyzer is a centralized network security reporting solution from Fortinet (USA). The product is used to collect network log data and analyze, report, and archive security events, network traffic, and Web content in the logs through the reporting suite.Fortinet FortiAnalyzer is vulnerable to an access control error that results from a network system or product not properly restricting access to resources from unauthorized roles. An attacker could use this vulnerability to bypass device policies and force its users to perform a password change operation.

CPENameOperatorVersion
Fortinet FortiAnalyzer >=5.6.0，le5.6.11
Fortinet FortiAnalyzer >=6.0.0，le6.0.11
Fortinet FortiAnalyzer >=6.2.0，le6.2.9
Fortinet FortiAnalyzer >=6.4.0，le6.4.7
Fortinet FortiAnalyzer >=7.0.0，<=7 .eq0.2
Fortinet FortiAnalyzer >=7.0.0，le7.0.2

Name	Operator	Version
Fortinet FortiAnalyzer >=5.6.0，	le	5.6.11
Fortinet FortiAnalyzer >=6.0.0，	le	6.0.11
Fortinet FortiAnalyzer >=6.2.0，	le	6.2.9
Fortinet FortiAnalyzer >=6.4.0，	le	6.4.7
Fortinet FortiAnalyzer >=7.0.0，<=7 .	eq	0.2
Fortinet FortiAnalyzer >=7.0.0，	le	7.0.2

0.001 Low

EPSS

Percentile

42.9%

JSON

Related for CNVD-2022-18533