CVE-2022-30298
published 2022-09-06CVE-2022-30298: An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortinet_fortisoar | — | — |
| fortinet | fortisoar | — | — |
| fortinet | fortisoar | — | — |
| fortinet | fortisoar | 6.4.0 – 6.4.4 | — |
| fortinet | fortisoar | >= 7.0.0 < 7.0.3 | 7.0.3 |