Lucene search

[email protected]NVD:CVE-2022-33877

HistoryJun 13, 2023 - 9:15 a.m.

CVE-2022-33877

2023-06-1309:15:14

CWE-276

[email protected]

web.nvd.nist.gov

cve-2022-33877

forticlient

forticonverter

windows

vulnerability

incorrect default permission

local authenticated attacker

file tampering

installation folder

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder.

Affected configurations

NVD

Node

fortinetforticlientRange6.4.0–6.4.8windows

fortinetforticlientRange7.0.0–7.0.6windows

fortinetforticonverterRange6.0.0–6.0.3windows

fortinetforticonverterMatch6.2.0windows

fortinetforticonverterMatch6.2.1windows

fortinetforticonverterMatch7.0.0windows

References

fortiguard.com/psirt/FG-IR-22-229

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2022-33877

cve1 nessus1 cvelist1 fortinet1 prion1