CVE-2022-38377

Published Nov 25, 2022

Last updated a year ago

CVSS low 2.7

Overview

Description: An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.
Source: psirt@fortinet.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 2.7
Impact score: 1.4
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Severity: LOW

Weaknesses

nvd@nist.gov: NVD-CWE-Other
psirt@fortinet.com: CWE-284

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2318A6AC-AA3E-4604-968C-35A46E79FCB8",
            "versionEndIncluding": "6.0.12",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E816164-8C08-4BF7-863B-112076AB6AE2",
            "versionEndIncluding": "6.2.10",
            "versionStartIncluding": "6.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19769C95-B563-476D-A4B3-6C317294F1E9",
            "versionEndIncluding": "6.4.8",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42D096D2-1FCB-43A6-8CF3-3226F631BAC4",
            "versionEndIncluding": "7.0.3",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "319D2F9D-E1E5-49C7-8ABD-0A64D7B05D58"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD729EF3-1665-4CE7-9FDD-450D5F79A2B9",
            "versionEndIncluding": "6.0.11",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D79F4BE-B6BB-414A-A132-D3650B2B5B4F",
            "versionEndIncluding": "6.2.9",
            "versionStartIncluding": "6.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "105F23CF-6375-402E-A2ED-9827510196EA",
            "versionEndIncluding": "6.4.7",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA4F8D67-139F-4524-88D4-B32A1580BFBE",
            "versionEndIncluding": "7.0.3",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "407755AA-0C23-4C5B-88A2-8BC12A3D268D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References