Improper access control

2023-10-1017:15:00

PRIOn knowledge base

www.prio-n.com

cwe-284

fortimanager

remote attacker

authenticated

device management

adom

8.9 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

JSON

An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least “device management” permission on his profile and belonging to a specific ADOM to add and delete CLI script on other ADOMs

CPENameOperatorVersion
fortimanagereq7.2.0
fortimanagereq7.2.1
fortimanagerge6.0.0
fortimanagerle6.0.12
fortimanagereq7.2.2
fortimanagerge7.0.0
fortimanagerle7.0.7
fortimanagerge6.4.0
fortimanagerle6.4.11
fortimanagerge6.2.0

Name	Operator	Version
fortimanager	eq	7.2.0
fortimanager	eq	7.2.1
fortimanager	ge	6.0.0
fortimanager	le	6.0.12
fortimanager	eq	7.2.2
fortimanager	ge	7.0.0
fortimanager	le	7.0.7
fortimanager	ge	6.4.0
fortimanager	le	6.4.11
fortimanager	ge	6.2.0

Rows per page:

1-10 of 111

References

fortiguard.com/psirt/FG-IR-23-062