Nov 02, 2022 - 12:00 a.m.

CVE-2022-38380

2022-11-02 00:00:00
fortinet
www.cve.org
5
fortios
access control
vulnerability
remote authenticated
api
interface settings

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:F

AI Score: 4.7
Confidence: High

EPSS: 0.001
Percentile: 35.3%

An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API.

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "Fortinet FortiOS",
    "versions": [
      {
        "version": "FortiOS 7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0",
        "status": "affected"
      }
    ]
  }
]
