CVE-2022-27488

7.5HIGH

Key Information

Vendor: Fortinet
Status: Fortivoice; Fortirecorder; Fortiswitch; Fortindr
Vendor: CVE Published:; 13 December 2023

Summary

A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.

Affected Version(s)

FortiVoice <= 6.4.7

FortiVoice <= 6.0.11

FortiRecorder <= 6.4.2

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Risk change from: 8.8 to: 7.5 - (HIGH)
Aug 3, 2024
Vulnerability published.
Dec 13, 2023
Vulnerability Reserved.
Mar 21, 2022

Collectors

NVD DatabaseMitre Database