CVE-2022-38378

Published Feb 16, 2023

Last updated a year ago

Overview

Description
An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands.
Source
psirt@fortinet.com
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
6
Impact score
5.2
Exploitability score
0.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Severity
MEDIUM

Weaknesses

nvd@nist.gov
CWE-269
psirt@fortinet.com
CWE-269

Social media

Hype score
Not currently trending

Configurations