Improper Access Control Vulnerability in Fortinet FortiPortal
CVE-2017-7337
9.1CRITICAL
Summary
An improper access control vulnerability in Fortinet FortiPortal versions up to 4.0.0 allows unauthorized users to interact with virtual domains (VDOMs) and enumerate additional administrative domains (ADOMs) through stolen session tokens and Cross-Site Request Forgery (CSRF) tokens. Attackers can exploit this flaw via the adomName parameter in specific requests, potentially compromising sensitive data and application integrity.
Affected Version(s)
Fortinet FortiPortal FortiPortal versions 4.0.0 and below
References
CVSS V3.1
Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved