CVE-2023-45581

Summary

An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiClientEMS7.2.0 <= 7.2.2affected
FortinetFortiClientEMS7.0.6 <= 7.0.10affected
FortinetFortiClientEMS7.0.0 <= 7.0.4affected
FortinetFortiClientEMS6.4.7 <= 6.4.9affected
FortinetFortiClientEMS6.4.0 <= 6.4.4affected
FortinetFortiClientEMS6.2.6 <= 6.2.9affected
FortinetFortiClientEMS6.2.0 <= 6.2.4affected

Weaknesses

  • CWE-269: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References