CVE-2022-38377
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.
Una vulnerabilidad de control de acceso inadecuado [CWE-284] en FortiManager 7.2.0, 7.0.0 a 7.0.3, 6.4.0 a 6.4.7, 6.2.0 a 6.2.9, 6.0.0 a 6.0.11 y FortiAnalyzer 7.2 .0, 7.0.0 a 7.0.3, 6.4.0 a 6.4.8, 6.2.0 a 6.2.10, 6.0.0 a 6.0.12 pueden permitir que un usuario administrador remoto y autenticado asignado a un ADOM específico acceda a otros ADOM de información, como información del dispositivo e información del panel.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2022-08-16 CVE Reserved
- 2022-11-25 CVE Published
- 2024-06-17 EPSS Updated
- 2024-10-22 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://fortiguard.com/psirt/FG-IR-20-143 | 2023-11-07 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Fortinet Search vendor "Fortinet" | Fortianalyzer Search vendor "Fortinet" for product "Fortianalyzer" | >= 6.0.0 <= 6.0.12 Search vendor "Fortinet" for product "Fortianalyzer" and version " >= 6.0.0 <= 6.0.12" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortianalyzer Search vendor "Fortinet" for product "Fortianalyzer" | >= 6.2.0 <= 6.2.10 Search vendor "Fortinet" for product "Fortianalyzer" and version " >= 6.2.0 <= 6.2.10" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortianalyzer Search vendor "Fortinet" for product "Fortianalyzer" | >= 6.4.0 <= 6.4.8 Search vendor "Fortinet" for product "Fortianalyzer" and version " >= 6.4.0 <= 6.4.8" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortianalyzer Search vendor "Fortinet" for product "Fortianalyzer" | >= 7.0.0 <= 7.0.3 Search vendor "Fortinet" for product "Fortianalyzer" and version " >= 7.0.0 <= 7.0.3" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortianalyzer Search vendor "Fortinet" for product "Fortianalyzer" | 7.2.0 Search vendor "Fortinet" for product "Fortianalyzer" and version "7.2.0" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortimanager Search vendor "Fortinet" for product "Fortimanager" | >= 6.0.0 <= 6.0.11 Search vendor "Fortinet" for product "Fortimanager" and version " >= 6.0.0 <= 6.0.11" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortimanager Search vendor "Fortinet" for product "Fortimanager" | >= 6.2.0 <= 6.2.9 Search vendor "Fortinet" for product "Fortimanager" and version " >= 6.2.0 <= 6.2.9" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortimanager Search vendor "Fortinet" for product "Fortimanager" | >= 6.4.0 <= 6.4.7 Search vendor "Fortinet" for product "Fortimanager" and version " >= 6.4.0 <= 6.4.7" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortimanager Search vendor "Fortinet" for product "Fortimanager" | >= 7.0.0 <= 7.0.3 Search vendor "Fortinet" for product "Fortimanager" and version " >= 7.0.0 <= 7.0.3" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortimanager Search vendor "Fortinet" for product "Fortimanager" | 7.2.0 Search vendor "Fortinet" for product "Fortimanager" and version "7.2.0" | - |
Affected
| ||||||