PT-2023-4880 · Fortinet · Fortiswitchmanager

Published 2023-09-07 · Updated 2023-09-12 · CVE-2023-36635

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:C
Name of the Vulnerable Software and Affected Versions
Fortinet FortiSwitchManager versions 7.0.0 through 7.0.1
Fortinet FortiSwitchManager versions 7.2.0 through 7.2.2

Description
An improper access control issue in Fortinet FortiSwitchManager may allow a remote authenticated read-only user to modify interface settings by sending commands through the application programming interface (API).

Recommendations
For Fortinet FortiSwitchManager versions 7.0.0 through 7.0.1, consider restricting access to the API to prevent unauthorized modifications to interface settings until a patch is available. For Fortinet FortiSwitchManager versions 7.2.0 through 7.2.2, consider disabling the API functionality temporarily to minimize the risk of exploitation.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2023-05371
CVE-2023-36635

Affected Products

FortiSwitchManager