An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands.
References
| Link | Providers |
|---|---|
| https://fortiguard.com/psirt/FG-IR-22-346 | |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2023-02-16T18:06:36.339Z
Updated: 2024-08-03T10:54:03.429Z
Reserved: 2022-08-16T14:17:48.481Z
Link: CVE-2022-38378
Vulnrichment
No data.
NVD
Status: Modified
Published: 2023-02-16T19:15:12.930
Modified: 2023-11-07T03:50:06.943
Link: CVE-2022-38378
Redhat
No data.