PT-2022-6023 · Fortinet · FortiOS

Published: 2022-11-01 · Updated: 2022-11-04 · CVE-2022-38380

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

FortiOS versions 7.0.0 through 7.0.7
FortiOS version 7.2.0

Description

An improper access control issue may allow a remote authenticated read-only user to modify interface settings via the API. A remote attacker holding read-only credentials could exploit this to alter those settings.

Recommendations

For FortiOS versions 7.0.0 through 7.0.7, consider restricting access to the API until a patch is available. For FortiOS version 7.2.0, consider disabling the interface settings modification functionality via the API as a temporary workaround. Avoid using the API for interface settings modification until the issue is resolved.

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2022-07475
CVE-2022-38380

Affected Products

FortiOS