An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands.
References
History

Tue, 22 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2023-02-16T18:06:36.339Z

Updated: 2024-10-22T20:49:30.558Z

Reserved: 2022-08-16T14:17:48.481Z

Link: CVE-2022-38378

cve-icon Vulnrichment

Updated: 2024-08-03T10:54:03.429Z

cve-icon NVD

Status : Modified

Published: 2023-02-16T19:15:12.930

Modified: 2024-11-21T07:16:21.357

Link: CVE-2022-38378

cve-icon Redhat

No data.