FortiAnalyzer, FortiManager - bypass of client-side password change policy enforcement

2022-03-0100:00:00

FortiGuard Labs

www.fortiguard.com

0.001 Low

EPSS

Percentile

42.9%

JSON

An improper handling of insufficient permissions or privileges vulnerability [CWE-280] in FortiAnalyzer and FortiManager may allow an authenticated attacker to bypass the device policy and force the password-change action for its user.

CPENameOperatorVersion
fortimanagereq7.0.2
fortimanagereq7.0.1
fortimanagereq7.0.0
fortimanagereq6.4.7
fortimanagereq6.4.6
fortimanagereq6.4.5
fortimanagereq6.4.4
fortimanagereq6.4.3
fortimanagereq6.4.2
fortimanagereq6.4.1

Name	Operator	Version
fortimanager	eq	7.0.2
fortimanager	eq	7.0.1
fortimanager	eq	7.0.0
fortimanager	eq	6.4.7
fortimanager	eq	6.4.6
fortimanager	eq	6.4.5
fortimanager	eq	6.4.4
fortimanager	eq	6.4.3
fortimanager	eq	6.4.2
fortimanager	eq	6.4.1

Rows per page:

1-10 of 961

0.001 Low

EPSS

Percentile

42.9%

JSON

Related for FG-IR-21-255