CVE-2023-45581

EPSS 0.11%
Published 15.02.2024 14:15:45
Last modified 21.11.2024 08:27:00
Source psirt@fortinet.com
Teams watchlist Login
Open Login

An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Fortinet ≫ Forticlient Enterprise Management Server Version < 7.0.10

Fortinet ≫ Forticlient Enterprise Management Server Version >= 7.2.0 <= 7.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.3

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
psirt@fortinet.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://fortiguard.com/psirt/FG-IR-23-357

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-45581

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-45581

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-45581

EUVD