{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-27487", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2022-03-21T16:03:48.575Z", "datePublished": "2023-04-11T16:06:58.797Z", "dateUpdated": "2024-10-23T14:28:34.806Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiDeceptor", "defaultStatus": "unaffected", "versions": [{"version": "4.1.0", "status": "affected"}, {"versionType": "semver", "version": "4.0.0", "lessThanOrEqual": "4.0.2", "status": "affected"}, {"versionType": "semver", "version": "3.3.0", "lessThanOrEqual": "3.3.3", "status": "affected"}, {"versionType": "semver", "version": "3.2.0", "lessThanOrEqual": "3.2.2", "status": "affected"}, {"versionType": "semver", "version": "3.1.0", "lessThanOrEqual": "3.1.1", "status": "affected"}, {"versionType": "semver", "version": "3.0.0", "lessThanOrEqual": "3.0.2", "status": "affected"}, {"version": "2.1.0", "status": "affected"}, {"version": "2.0.0", "status": "affected"}, {"version": "1.1.0", "status": "affected"}, {"versionType": "semver", "version": "1.0.0", "lessThanOrEqual": "1.0.1", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiSandbox", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "4.2.0", "lessThanOrEqual": "4.2.2", "status": "affected"}, {"versionType": "semver", "version": "4.0.0", "lessThanOrEqual": "4.0.2", "status": "affected"}, {"versionType": "semver", "version": "3.2.0", "lessThanOrEqual": "3.2.3", "status": "affected"}, {"versionType": "semver", "version": "3.1.0", "lessThanOrEqual": "3.1.5", "status": "affected"}, {"versionType": "semver", "version": "3.0.0", "lessThanOrEqual": "3.0.7", "status": "affected"}, {"versionType": "semver", "version": "2.5.0", "lessThanOrEqual": "2.5.2", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-04-11T16:06:58.797Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-269", "description": "Execute unauthorized code or commands", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiDeceptor version 4.2.0 or above Please upgrade to FortiDeceptor version 4.1.1 or above Please upgrade to FortiDeceptor version 4.0.2 or above Please upgrade to FortiDeceptor version 3.3.3 or above Please upgrade to FortiSandbox version 4.2.3 or above Please upgrade to FortiSandbox version 4.0.3 or above Please upgrade to FortiSandbox version 3.2.4 or above "}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-22-056", "url": "https://fortiguard.com/psirt/FG-IR-22-056"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:32:57.807Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-22-056", "url": "https://fortiguard.com/psirt/FG-IR-22-056", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-23T14:11:12.648760Z", "id": "CVE-2022-27487", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:28:34.806Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-22-056", "name": "https://fortiguard.com/psirt/FG-IR-22-056", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:32:57.807Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-27487", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-23T14:11:12.648760Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:14:52.315Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Fortinet", "product": "FortiDeceptor", "versions": [{"status": "affected", "version": "4.1.0"}, {"status": "affected", "version": "4.0.0", "versionType": "semver", "lessThanOrEqual": "4.0.2"}, {"status": "affected", "version": "3.3.0", "versionType": "semver", "lessThanOrEqual": "3.3.3"}, {"status": "affected", "version": "3.2.0", "versionType": "semver", "lessThanOrEqual": "3.2.2"}, {"status": "affected", "version": "3.1.0", "versionType": "semver", "lessThanOrEqual": "3.1.1"}, {"status": "affected", "version": "3.0.0", "versionType": "semver", "lessThanOrEqual": "3.0.2"}, {"status": "affected", "version": "2.1.0"}, {"status": "affected", "version": "2.0.0"}, {"status": "affected", "version": "1.1.0"}, {"status": "affected", "version": "1.0.0", "versionType": "semver", "lessThanOrEqual": "1.0.1"}], "defaultStatus": "unaffected"}, {"vendor": "Fortinet", "product": "FortiSandbox", "versions": [{"status": "affected", "version": "4.2.0", "versionType": "semver", "lessThanOrEqual": "4.2.2"}, {"status": "affected", "version": "4.0.0", "versionType": "semver", "lessThanOrEqual": "4.0.2"}, {"status": "affected", "version": "3.2.0", "versionType": "semver", "lessThanOrEqual": "3.2.3"}, {"status": "affected", "version": "3.1.0", "versionType": "semver", "lessThanOrEqual": "3.1.5"}, {"status": "affected", "version": "3.0.0", "versionType": "semver", "lessThanOrEqual": "3.0.7"}, {"status": "affected", "version": "2.5.0", "versionType": "semver", "lessThanOrEqual": "2.5.2"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiDeceptor version 4.2.0 or above Please upgrade to FortiDeceptor version 4.1.1 or above Please upgrade to FortiDeceptor version 4.0.2 or above Please upgrade to FortiDeceptor version 3.3.3 or above Please upgrade to FortiSandbox version 4.2.3 or above Please upgrade to FortiSandbox version 4.0.3 or above Please upgrade to FortiSandbox version 3.2.4 or above "}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-22-056", "name": "https://fortiguard.com/psirt/FG-IR-22-056"}], "descriptions": [{"lang": "en", "value": "A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-04-11T16:06:58.797Z"}}}, "cveMetadata": {"cveId": "CVE-2022-27487", "state": "PUBLISHED", "dateUpdated": "2024-10-23T14:28:34.806Z", "dateReserved": "2022-03-21T16:03:48.575Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2023-04-11T16:06:58.797Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*", "matchCriteriaId": "39B4357A-55DD-498F-B4B2-68A77285612B", "versionEndExcluding": "3.3.3", "versionStartIncluding": "1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*", "matchCriteriaId": "16BF9690-3D39-4FCC-A314-68C17E1E0892", "versionEndIncluding": "4.0.2", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortideceptor:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "48655ECC-C9A9-4AD9-993B-7B2965E9266F", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "30C67A05-44FD-462B-BC47-2EAE11358063", "versionEndExcluding": "3.2.4", "versionStartIncluding": "2.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AD1B101-4071-480C-AF8A-AE66FF92D589", "versionEndExcluding": "4.0.3", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C401836-2D68-4CA3-8735-D9EC9DDB15F6", "versionEndExcluding": "4.2.3", "versionStartIncluding": "4.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests."}], "id": "CVE-2022-27487", "lastModified": "2024-11-21T06:55:49.330", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-11T17:15:07.193", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-22-056"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-22-056"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "psirt@fortinet.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}