| IR Number | FG-IR-22-174 |
| Date | Nov 1, 2022 |
| Severity |
Medium |
| CVSSv3 Score | 4.2 |
| Impact | Improper access control |
| CVE ID | CVE-2022-38380 |
| Affected Products |
FortiOS
:
7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.11, 6.4.10, 6.4.1, 6.4.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiOS -- Read-Only users able to modify the Interface fields using the API
Summary
An improper access control [CWE-284] vulnerability in FortiOS may allow a remote authenticated read-only user to modify the interface settings via the API.
Affected Products
FortiOS version 7.2.0
FortiOS version 7.0.0 through 7.0.7
FortiOS 6.4 all versions
Solutions
Please upgrade to FortiOS version 7.2.1 or above
Please upgrade to FortiOS version 7.0.8 or above