CVE-2018-1354
MEDIUM
Fortinet FortiAnalyzer < 6.0.0 - Incorrect Permission Assignment
Title source: ruleDescription
An improper access control vulnerability in Fortinet FortiManager 6.0.0 and versions 5.6.5 and below, and FortiAnalyzer 6.0.0 and versions 5.6.5 and below, allows a regular user to edit the avatar picture of other users with arbitrary content.
References (4)
http://www.securitytracker.com/id/1041183 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_sectrack)
https://fortiguard.com/advisory/FG-IR-18-014 (Vendor Advisory; x_refsource_confirm)
http://www.securitytracker.com/id/1041182 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_sectrack)
http://www.securityfocus.com/bid/104537 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
Scores
CVSS v3
6.5
EPSS
0.0020
EPSS Percentile
42.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-732
Status
published
Products (2)
fortinet/fortianalyzer
< 6.0.0
fortinet/fortimanager
< 6.0.0
Published
Jun 27, 2018
Tracked Since
Feb 18, 2026