CVE-2023-45581 — Improper Privilege Management in Fortinet Forticlient Enterprise Management Server
Severity
7.2 HIGH (NVD)
8.8 (CNA)
EPSS
0.1%
top 70.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 15
Description
An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows a Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9
Affected Packages: 2 packages
Vulnerability Details: 2
Vendor Advisories: 1
Fortinet (2024-02-15): An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and befo...