CVE-2023-36554: Improper Access Control in Fortinet FortiManager

Severity: 9.8 CRITICAL (NVD); 8.1 (CNA)
EPSS: 0.2% (top 57.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 12

Description

An improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: fortinet/fortimanager 7.2.0 - 7.2.3 (+4)
NVD: fortinet/fortimanager 6.2.0 - 6.2.12 (+4)

🔴 Vulnerability Details (2)

GHSA: GHSA-qxp3-9pp5-5ph4: An improper access control in Fortinet FortiManager version 7 (2024-03-12)
CVEList: CVE-2023-36554: An improper access control in Fortinet FortiManager version 7 (2024-03-12)

📋 Vendor Advisories (1)

Fortinet: Improper access control in backup and restore features (2024-03-12)