CVE-2013-4604 — Fortinet Fortios vulnerability

CWE-2643 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 39.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios

Timeline

PublishedJun 25

Latest updateMay 17

Description

Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDfortinet/fortios5.0.2+1

🔴Vulnerability Details

GHSA

GHSA-pf5r-3phv-4jxv: Fortinet FortiOS before 5↗2022-05-17

▶

CVEList

CVE-2013-4604: Fortinet FortiOS before 5↗2013-06-25

▶