Описание
A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
6.1 Medium
CVSS3
7.8 High
CVSS3
Дефекты
Связанные уязвимости
A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup.
Уязвимость программного средства для централизованного управления устройствами Fortinet FortiManager и межсетевого экрана FortiAnalyzer, связанная с отсутствием необходимой проверки при изменении пароля, позволяющая нарушителю изменять пароли администратора
EPSS
6.1 Medium
CVSS3
7.8 High
CVSS3