CSRF Vulnerability in Fortinet FortiVoice and Related Products
CVE-2022-27488

7.5HIGH

Key Information:

Vendor: Fortinet
Status: Fortivoice; Fortirecorder; Fortiswitch; Fortindr
Vendor: CVE Published:; 13 December 2023

What is CVE-2022-27488?

A cross-site request forgery vulnerability exists within multiple Fortinet products, including FortiVoiceEnterprise, FortiSwitch, and FortiMail. This vulnerability allows remote unauthenticated attackers to execute arbitrary commands on the command-line interface. The exploit relies on tricking authenticated administrators into sending malicious GET requests, potentially compromising sensitive administrative functions.

Affected Version(s)

FortiMail 7.0.0 <= 7.0.3

FortiMail 6.4.0 <= 6.4.6

FortiMail 6.2.0 <= 6.2.9

References

https://fortiguard.com/psirt/FG-IR-22-038

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2023
Vulnerability Reserved
Mar 21, 2022