An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-22-346 |
History
Tue, 22 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2023-02-16T18:06:36.339Z
Updated: 2024-10-22T20:49:30.558Z
Reserved: 2022-08-16T14:17:48.481Z
Link: CVE-2022-38378
Vulnrichment
Updated: 2024-08-03T10:54:03.429Z
NVD
Status : Modified
Published: 2023-02-16T19:15:12.930
Modified: 2024-11-21T07:16:21.357
Link: CVE-2022-38378
Redhat
No data.