CVE-2022-38377
Severity: MEDIUM
FortiManager/FortiAnalyzer 6.0 through 7.2.0 (affected branches listed below) - Improper Access Control (cross-ADOM information disclosure)
An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.
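The affected ranges above span five release branches per product, and the two products differ in where each branch ends (FortiManager 6.4.0 through 6.4.7 versus FortiAnalyzer 6.4.0 through 6.4.8, for example), so a string comparison of version numbers is an easy way to get triage wrong ("6.0.10" sorts before "6.0.9" lexically). The following is an added triage helper, not code from Fortinet or from this record; it encodes only the ranges stated in the description, assumes plain dotted-integer version strings, and treats any version outside the listed ranges as "not listed" rather than as confirmed fixed, since the record does not state fixed versions. The inventory at the bottom is constructed sample data.

```python
"""Affected-version triage for CVE-2022-38377 (FortiManager / FortiAnalyzer).

Ranges are transcribed from the advisory description. Version strings are
assumed to be dotted integers such as "7.0.3"; build suffixes are rejected.
"""
from typing import Dict, List, Tuple

# Inclusive (low, high) ranges per product, exactly as listed in the description.
AFFECTED_RANGES: Dict[str, List[Tuple[str, str]]] = {
    "fortimanager": [
        ("7.2.0", "7.2.0"),
        ("7.0.0", "7.0.3"),
        ("6.4.0", "6.4.7"),
        ("6.2.0", "6.2.9"),
        ("6.0.0", "6.0.11"),
    ],
    "fortianalyzer": [
        ("7.2.0", "7.2.0"),
        ("7.0.0", "7.0.3"),
        ("6.4.0", "6.4.8"),
        ("6.2.0", "6.2.10"),
        ("6.0.0", "6.0.12"),
    ],
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn "6.0.10" into (6, 0, 10) so tuple comparison orders versions numerically.

    Comparing the raw strings would put "6.0.10" before "6.0.9"; integer tuples
    compare component by component, which is what we want.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(product: str, version: str) -> bool:
    """True if the version falls inside one of the listed ranges for the product.

    False means "not in a listed range", not "confirmed fixed": the record does
    not name fixed releases, so consult the vendor advisory for those.
    """
    key = product.strip().lower()
    if key not in AFFECTED_RANGES:
        raise ValueError(f"unknown product: {product!r}")
    pv = parse_version(version)
    return any(parse_version(lo) <= pv <= parse_version(hi) for lo, hi in AFFECTED_RANGES[key])


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the (host, product, version) entries that sit in an affected range."""
    return [(h, p, v) for h, p, v in inventory if is_affected(p, v)]


# Constructed sample inventory (hypothetical hostnames, not real systems).
SAMPLE_INVENTORY = [
    ("fmg-01", "FortiManager", "7.0.3"),   # listed range 7.0.0 - 7.0.3
    ("fmg-02", "FortiManager", "7.0.4"),   # not in a listed range
    ("faz-01", "FortiAnalyzer", "6.0.12"), # FortiAnalyzer 6.0 range ends at 6.0.12
    ("faz-02", "FortiAnalyzer", "6.4.10"), # not in a listed range
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is in an affected range")
```

Because the FortiManager 6.0 range stops at 6.0.11 while the FortiAnalyzer range reaches 6.0.12, the same version string gives different answers for the two products; keep the product column in your inventory rather than matching on version alone.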
References (1)
Patch, Vendor Advisory (core reference): https://fortiguard.com/psirt/FG-IR-20-143
Scores
CVSS v3.1 base score: 4.3 (MEDIUM)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector: NETWORK; Privileges Required: LOW (an authenticated ADOM admin); User Interaction: NONE; Scope: UNCHANGED; Confidentiality: LOW; Integrity: NONE; Availability: NONE
EPSS: 0.0016 (percentile 36.9%)
CISA SSVC (Vulnrichment)
Exploitation: none; Automatable: no; Technical Impact: partial
Details
CWE: CWE-284 (Improper Access Control)
Status: published
Products (4)
fortinet/fortianalyzer 7.2.0
fortinet/fortianalyzer 6.0.0 - 6.0.12
fortinet/fortimanager 7.2.0
fortinet/fortimanager 6.0.0 - 6.0.11
Note: this product list records only the 7.2.0 and 6.0 entries; the description above also lists affected 7.0, 6.4 and 6.2 branches for both products.
Published
Nov 25, 2022
Tracked Since
Feb 18, 2026