CVE-2018-1354: Incorrect Permission Assignment in Fortinet FortiAnalyzer

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.2% (top 57.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 27; Latest update May 13

Description

An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, and FortiAnalyzer 6.0.0, 5.6.5 and below versions, allows a regular user to edit the avatar picture of other users with arbitrary content.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA: GHSA-6893-wc3f-pwh2: An improper access control vulnerability in Fortinet FortiManager 6 (2022-05-13)
CVEList: CVE-2018-1354: An improper access control vulnerability in Fortinet FortiManager 6 (2018-06-27)

📋 Vendor Advisories (1)

Fortinet: An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0,... (2018-06-27)