CVE-2018-1354

Summary

An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.

Affected Software

VendorProductVersion RangeStatus
Fortinet, Inc.Fortinet FortiManager, FortiAnalyzerFortiManager 6.0.0, 5.6.5 and below versionsaffected
Fortinet, Inc.Fortinet FortiManager, FortiAnalyzerFortiAnalyzer 6.0.0, 5.6.5 and below versionsaffected

Weaknesses

  • Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References