CVE-2022-27488

Summary

A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiVoice6.4.0 <= 6.4.7affected
FortinetFortiVoice6.0.0 <= 6.0.11affected
FortinetFortiRecorder6.4.0 <= 6.4.2affected
FortinetFortiRecorder6.0.0 <= 6.0.11affected
FortinetFortiRecorder2.7.0 <= 2.7.7affected
FortinetFortiRecorder2.6.0 <= 2.6.3affected
FortinetFortiSwitch7.0.0 <= 7.0.4affected
FortinetFortiSwitch6.4.0 <= 6.4.10affected
FortinetFortiSwitch6.2.0 <= 6.2.8affected
FortinetFortiSwitch6.0.0 <= 6.0.7affected
FortinetFortiNDR7.1.0affected
FortinetFortiNDR7.0.0 <= 7.0.4affected
FortinetFortiNDR1.5.0 <= 1.5.3affected
FortinetFortiNDR1.4.0affected
FortinetFortiNDR1.3.0 <= 1.3.1affected
FortinetFortiNDR1.2.0affected
FortinetFortiNDR1.1.0affected
FortinetFortiMail7.0.0 <= 7.0.3affected
FortinetFortiMail6.4.0 <= 6.4.6affected
FortinetFortiMail6.2.0 <= 6.2.9affected
FortinetFortiMail6.0.0 <= 6.0.12affected

Weaknesses

  • CWE-352: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

References