CVE-2022-38377

An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote, authenticated admin user assigned to a specific ADOM to access information belonging to other ADOMs, such as device information and dashboard information.
References
Link: https://fortiguard.com/psirt/FG-IR-20-143
Resource: Patch, Vendor Advisory
Configurations

Configuration 1

OR cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*

History

01 Dec 2022, 13:28

CVSS
  Values Removed: v2 : unknown, v3 : unknown
  Values Added: v2 : unknown, v3 : 2.7
References
  Values Removed: (MISC) https://fortiguard.com/psirt/FG-IR-20-143 -
  Values Added: (MISC) https://fortiguard.com/psirt/FG-IR-20-143 - Patch, Vendor Advisory
CWE
  Values Added: NVD-CWE-Other
CPE
  Values Added:
  cpe:2.3:a:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
  cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
  cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
  cpe:2.3:a:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*

25 Nov 2022, 18:42

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-25 16:15

Updated : 2024-02-04 23:14


NVD link : CVE-2022-38377

Mitre link : CVE-2022-38377

CVE.ORG link : CVE-2022-38377



Products Affected

fortinet

  • fortianalyzer
  • fortimanager

CWE

  • NVD-CWE-Other
  • CWE-284: Improper Access Control