PT-2023-14784 · Fortinet · FortiManager, FortiGate
Published 2023-01-05 · Updated 2023-01-11 · CVE-2022-45857
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H |
Name of the Vulnerable Software and Affected Versions
FortiManager versions 6.4.6 and below
Description
The issue is an incorrect user management vulnerability in FortiManager's VDOM creation component. When FortiManager creates new VDOMs on a managed FortiGate after the super admin account has been deleted, an attacker may be able to access the FortiGate through those newly created VDOMs without a password. The weakness lives in FortiManager, but the exposure is on the managed FortiGate.
Recommendations
For FortiManager versions 6.4.6 and below, restrict who can create VDOMs through FortiManager until a fixed release is deployed. As a temporary workaround, do not delete the super admin account: the vulnerable state is only reached when VDOMs are created after that account is gone. If the super admin account has already been removed, review the admin accounts on each managed FortiGate and confirm that every account, in every VDOM, requires a password. This entry does not list a fixed version; the affected range ("6.4.6 and below") indicates that a later release is expected to contain the fix, so check the vendor's advisory for the exact version before upgrading.
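The FortiGate-side check from the recommendations above, as an added example that is not part of the advisory or Fortinet's own tooling. It parses the `config system admin` block of a FortiOS-style configuration dump and reports two conditions: no account with the `super_admin` profile remains, and an admin entry (per VDOM) has no `set password` line. The field names follow the FortiOS CLI; the configuration text itself is constructed for this example and does not reproduce the exploit.

```python
"""Audit a FortiGate config dump for a missing super_admin account and for
admin entries that have no password set (per VDOM).

Added example, not Fortinet's code.  Only the `config system admin` block
is parsed; SAMPLE_CONFIG below is constructed for this example.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: one super_admin, one VDOM-scoped admin with a password,
# and one VDOM-scoped admin with no password at all.
SAMPLE_CONFIG = """\
config system global
    set hostname "fgt-edge-01"
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
        set password ENC SH2aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789
    next
    edit "branch-admin"
        set accprofile "prof_admin"
        set vdom "branch"
        set password ENC SH2zYxWvUtSrQpOnMlKjIhGfEdCbA9876543210
    next
    edit "newvdom-admin"
        set accprofile "prof_admin"
        set vdom "newvdom"
    next
end
"""


@dataclass
class Admin:
    name: str
    accprofile: str = ""
    vdoms: list = field(default_factory=list)
    has_password: bool = False


def parse_admins(config: str) -> dict:
    """Return {admin name: Admin} from the `config system admin` block."""
    admins = {}
    current = None
    in_block = False
    depth = 0  # nesting of sub-tables inside an admin entry
    for raw in config.splitlines():
        line = raw.strip()
        if not in_block:
            if line == "config system admin":
                in_block = True
                depth = 0
            continue
        if line.startswith("config "):      # nested sub-table (e.g. trusthosts)
            depth += 1
        elif line == "end":
            if depth == 0:                  # end of `config system admin`
                in_block = False
                current = None
            else:
                depth -= 1
        elif depth > 0:
            continue                        # ignore sub-table contents
        elif (m := re.match(r'edit "(.*)"', line)):
            current = Admin(name=m.group(1))
            admins[current.name] = current
        elif line == "next":
            current = None
        elif current is not None and (m := re.match(r'set accprofile "(.*)"', line)):
            current.accprofile = m.group(1)
        elif current is not None and line.startswith("set vdom "):
            current.vdoms = re.findall(r'"([^"]*)"', line)
        elif current is not None and line.startswith("set password "):
            current.has_password = True
    return admins


def audit(admins: dict) -> list:
    """Return human-readable findings; an empty list means nothing flagged."""
    findings = []
    if not any(a.accprofile == "super_admin" for a in admins.values()):
        findings.append("no admin with the super_admin profile remains on the device")
    for a in admins.values():
        if not a.has_password:
            findings.append(
                f"admin '{a.name}' (profile {a.accprofile or '?'}, "
                f"vdoms {','.join(a.vdoms) or '?'}) has no password set"
            )
    return findings


if __name__ == "__main__":
    for finding in audit(parse_admins(SAMPLE_CONFIG)) or ["no findings"]:
        print(finding)
```

Run it against a `show full-configuration` export from each managed FortiGate; an account flagged as having no password in a VDOM created after the super admin was removed is exactly the state the advisory describes, and should be fixed by setting a password or removing the account.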
Affected Products
FortiGate
FortiManager