Lucene search
MitreCVE-2013-4604HistoryJun 25, 2013 - 2:38 p.m.
CVE-2013-4604
2013-06-2514:38:18
CWE-264
mitre
web.nvd.nist.gov
28
cve-2013-4604
fortinet
fortios
authentication
remote access
security vulnerability
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.002
Percentile
61.8%
Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role.
Affected configurations
Node
fortinetfortiosRange≤5.0.2
ORfortinetfortiosMatch5.0.1
References
Related
cvelist
cvelist
CVE-2013-4604
2013-06-25 14:00:00
nessus
nessus
Fortinet FortiOS 5.x < 5.0.3 Security Bypass
2014-04-15 00:00:00
prion
prion
Design/Logic Flaw
2013-06-25 14:38:00
nvd
nvd
CVE-2013-4604
2013-06-25 14:38:18
fortinet
fortinet
Improper Guest User Permission Management Issue in FortiGate
2013-06-13 00:00:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.002
Percentile
61.8%
Related for CVE-2013-4604