PT-2023-13601 · Fortinet · FortiProxy, FortiOS
Published: 2023-02-16 · Updated: 2023-02-24 · CVE-2022-38378
CVSS v3.1: 6.0 (Medium)
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Fortinet FortiOS versions prior to 7.0.7
FortiProxy versions 7.2.0 through 7.2.1 and prior to 7.0.7
Description
An improper privilege management issue allows an authenticated administrator whose account has access to the admin profile section (System subsection Administrator Users) to modify their own admin profile and escalate their privileges to Read Write, using either CLI or GUI commands.
Recommendations
For Fortinet FortiOS versions prior to 7.0.7, update to a version that includes the fix for this issue.
For FortiProxy versions 7.2.0 through 7.2.1 and prior to 7.0.7, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the admin profile section (System subsection Administrator Users) to minimize the risk of exploitation.
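The workaround above comes down to knowing which admin profiles can write the administrator section and which accounts hold those profiles. The following Python script is an added example, not Fortinet's code and not part of this advisory: it parses a constructed FortiOS-style configuration export and reports profiles that grant write access to the system admin section, together with the administrator accounts assigned to them. The export layout and the `sysgrp`, `sysgrp-permission` and `admin` keys are assumptions about the CLI format; verify them against the CLI reference for your release before relying on the output.

```python
"""Audit FortiOS-style admin profiles for write access to the admin section.

Added example for the workaround in this advisory; not Fortinet's code.
The configuration text below is CONSTRUCTED to mimic the
`config system accprofile` / `config system admin` export layout; the
key names are assumptions, so check them against your version's CLI docs.
"""
from typing import Dict, List, Tuple

# Constructed sample export: three profiles, three administrator accounts.
SAMPLE_CONFIG = """\
config system accprofile
    edit "super_admin"
        set scope global
        set sysgrp read-write
    next
    edit "helpdesk_ro"
        set scope vdom
        set sysgrp read
    next
    edit "netops_custom"
        set scope vdom
        set sysgrp custom
        config sysgrp-permission
            set admin read-write
            set upd read
            set cfg read
        end
    next
end
config system admin
    edit "alice"
        set accprofile "super_admin"
    next
    edit "bob"
        set accprofile "netops_custom"
    next
    edit "carol"
        set accprofile "helpdesk_ro"
    next
end
"""


def parse_fortios_config(text: str) -> Dict[str, dict]:
    """Parse nested config/edit/set/next/end blocks into plain dicts.

    Result shape: {table_name: {entry_name: {key: value, subtable: {...}}}}.
    `config` opens a table under the current container, `edit` opens an
    entry under the current table, `set` stores a key, `next`/`end` close.
    """
    root: Dict[str, dict] = {}
    stack: List[dict] = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("config "):
            stack.append(stack[-1].setdefault(line[len("config "):].strip(), {}))
        elif line.startswith("edit "):
            name = line[len("edit "):].strip().strip('"')
            stack.append(stack[-1].setdefault(name, {}))
        elif line.startswith("set "):
            key, _, value = line[len("set "):].partition(" ")
            stack[-1][key] = value.strip().strip('"')
        elif line in ("next", "end"):
            stack.pop()
    return root


def profiles_with_admin_write(config: dict) -> Dict[str, str]:
    """Return {profile_name: reason} for profiles able to write the admin section.

    A blanket `sysgrp read-write` covers the whole System group; a custom
    group is flagged only when its `admin` permission is read-write.
    """
    findings: Dict[str, str] = {}
    for name, prof in config.get("system accprofile", {}).items():
        sysgrp = prof.get("sysgrp", "none")
        if sysgrp == "read-write":
            findings[name] = "sysgrp read-write"
        elif sysgrp == "custom":
            if prof.get("sysgrp-permission", {}).get("admin") == "read-write":
                findings[name] = "sysgrp-permission admin read-write"
    return findings


def admins_using(config: dict, profiles: Dict[str, str]) -> List[Tuple[str, str]]:
    """List (account, profile) pairs for administrators holding flagged profiles."""
    hits = [
        (user, entry.get("accprofile", ""))
        for user, entry in config.get("system admin", {}).items()
        if entry.get("accprofile", "") in profiles
    ]
    return sorted(hits)


if __name__ == "__main__":
    cfg = parse_fortios_config(SAMPLE_CONFIG)
    flagged = profiles_with_admin_write(cfg)
    for profile, reason in flagged.items():
        print(f"profile {profile!r}: {reason}")
    for user, profile in admins_using(cfg, flagged):
        print(f"review account {user!r} (profile {profile!r})")
```

Accounts listed by the script are the ones whose profile already reaches the administrator section; on an unpatched release those are the accounts for which the workaround matters, and the list is a reasonable input for deciding which profiles to tighten until the update is applied.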
Fix
Weakness Enumeration
Improper Privilege Management
Related Identifiers
CVE-2022-38378
Affected Products
FortiOS
FortiProxy