CVE-2023-36638
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID.
Una vulnerabilidad de administración de privilegios inadecuada [CWE-269] en FortiManager 7.2.0 a 7.2.2, 7.0.0 a 7.0.7, 6.4.0 a 6.4.11, 6.2 todas las versiones, 6.0 todas las versiones y FortiAnalyzer 7.2.0 a 7.2 .2, 7.0.0 a 7.0.7, 6.4.0 a 6.4.11, 6.2 todas las versiones, 6.0 todas las versiones La API puede permitir que un usuario administrador de API remoto y autenticado acceda a algunas configuraciones del sistema, como la configuración del servidor de correo a través de la API a través de una ID de sesión de GUI robada.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-06-25 CVE Reserved
- 2023-09-13 CVE Published
- 2024-09-19 EPSS Updated
- 2024-09-24 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://fortiguard.com/psirt/FG-IR-22-522 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Fortinet Search vendor "Fortinet" | Fortianalyzer Search vendor "Fortinet" for product "Fortianalyzer" | >= 6.0.0 < 6.4.12 Search vendor "Fortinet" for product "Fortianalyzer" and version " >= 6.0.0 < 6.4.12" | - |
Affected
| ||||||
Fortinet Search vendor "Fortinet" | Fortianalyzer Search vendor "Fortinet" for product "Fortianalyzer" | >= 7.0.0 < 7.0.8 Search vendor "Fortinet" for product "Fortianalyzer" and version " >= 7.0.0 < 7.0.8" | - |
Affected
| ||||||
Fortinet Search vendor "Fortinet" | Fortianalyzer Search vendor "Fortinet" for product "Fortianalyzer" | >= 7.2.0 < 7.2.3 Search vendor "Fortinet" for product "Fortianalyzer" and version " >= 7.2.0 < 7.2.3" | - |
Affected
| ||||||
Fortinet Search vendor "Fortinet" | Fortimanager Search vendor "Fortinet" for product "Fortimanager" | >= 6.4.0 < 6.4.12 Search vendor "Fortinet" for product "Fortimanager" and version " >= 6.4.0 < 6.4.12" | - |
Affected
| ||||||
Fortinet Search vendor "Fortinet" | Fortimanager Search vendor "Fortinet" for product "Fortimanager" | >= 7.0.0 < 7.0.8 Search vendor "Fortinet" for product "Fortimanager" and version " >= 7.0.0 < 7.0.8" | - |
Affected
| ||||||
Fortinet Search vendor "Fortinet" | Fortimanager Search vendor "Fortinet" for product "Fortimanager" | >= 7.2.0 < 7.2.3 Search vendor "Fortinet" for product "Fortimanager" and version " >= 7.2.0 < 7.2.3" | - |
Affected
|