Improper Privilege Management Vulnerability Affects FortiClientEMS

CVE-2023-45581

7.2HIGH

Key Information

Vendor: Fortinet
Status: FortiClientEMS
Vendor: CVE Published:; 15 February 2024

Summary

An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests.

Affected Version(s)

FortiClientEMS <= 7.2.2

FortiClientEMS <= 7.0.10

FortiClientEMS <= 7.0.4

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 7.9 to: 7.2 - (HIGH)
Feb 21, 2024
Vulnerability published.
Feb 15, 2024
Vulnerability Reserved.
Oct 9, 2023

Collectors

NVD DatabaseMitre Database