Описание
An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7, FortiWeb 7.6.0 through 7.6.1, FortiWeb 7.4.0 through 7.4.6 allows an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to Node.js websocket module.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Одно из
Одно из
Одно из
EPSS
6.6 Medium
CVSS3
7.2 High
CVSS3
Дефекты
Связанные уязвимости
An Improper Privilege Management vulnerability [CWE-269] affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16 and before 6.4.15, FortiProxy version 7.6.0 through 7.6.1 and before 7.4.7 & FortiWeb version 7.6.0 through 7.6.1 and before 7.4.6 allows an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to Node.js websocket module.
Уязвимость межсетевого экрана веб-приложений FortiWeb, операционных систем FortiOS и прокси-сервера для защиты от интернет-атак FortiProxy, связанная с ошибками при управлении привилегиями, позволяющая нарушителю повысить свои привилегии
EPSS
6.6 Medium
CVSS3
7.2 High
CVSS3