Unrated severity · NVD Advisory · Published Sep 13, 2023 · Updated Sep 24, 2024
CVE-2023-36638
Description
An improper privilege management vulnerability [CWE-269] in the API of FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote, authenticated API admin user to access some system settings, such as the mail server settings, through the API via a stolen GUI session ID.
Affected products
- (no CPE) range: >=6.0, <=7.2.2
- (no CPE) range: 7.2.0