PT-2019-4085 · Fortinet · Fortimail

Published

2019-10-18

Updated

2020-08-24

CVE-2019-15712

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FortiMail versions 5.4.10 and below FortiMail versions 6.0.0 through 6.0.6 FortiMail version 6.2.0

Description The issue is related to improper access control in the FortiMail admin webUI, which may allow unauthorized access to the web console. The vulnerability can be exploited by a remote attacker to bypass existing security restrictions and download a system backup.

Recommendations For FortiMail versions 5.4.10 and below, update to a version above 5.4.10 to resolve the issue. For FortiMail versions 6.0.0 through 6.0.6, update to a version above 6.0.6 to resolve the issue. For FortiMail version 6.2.0, update to a version above 6.2.0 to resolve the issue.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BDU:2019-04653

CVE-2019-15712

Affected Products

Fortimail

PT-2019-4085 · Fortinet · Fortimail

CVE-2019-15712

Weakness Enumeration

Related Identifiers

Affected Products

References · 6