VYPR
Unrated severity · NVD Advisory · Published Nov 25, 2022 · Updated Oct 22, 2024

CVE-2022-38377

Description

An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote, authenticated admin user assigned to a specific ADOM to access other ADOMs' information, such as device information and dashboard information.

Affected products

4
  • Fortinet/Fortianalyzer · llm-fuzzy · 2 versions
    7.2.0, 7.0.0-7.0.3, 6.4.0-6.4.8, 6.2.0-6.2.10, 6.0.0-6.0.12
    • (no CPE) range: 7.2.0, 7.0.0-7.0.3, 6.4.0-6.4.8, 6.2.0-6.2.10, 6.0.0-6.0.12
    • (no CPE) range: 7.2.0
  • Fortinet/Fortimanager · llm-fuzzy · 2 versions
    7.2.0, 7.0.0-7.0.3, 6.4.0-6.4.7, 6.2.0-6.2.9, 6.0.0-6.0.11
    • (no CPE) range: 7.2.0, 7.0.0-7.0.3, 6.4.0-6.4.7, 6.2.0-6.2.9, 6.0.0-6.0.11
    • (no CPE) range: 7.2.0
