Описание
An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
4.8 Medium
CVSS3
Дефекты
Связанные уязвимости
An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests.
Уязвимость сервера управления программами Fortinet FortiClient Enterprise Management Server (EMS), связанная с недостатками процедуры аутентификации, позволяющая нарушителю получить несанкционированный доступ на изменение, добавление или удаление данных
EPSS
4.8 Medium
CVSS3