History: Sep 06, 2022 - 6:15 p.m.

CVE-2022-30298

2022-09-06 18:15:15
CWE-269
fortinet
web.nvd.nist.gov
cve-2022-30298
cwe-269
fortinet fortisoar
vulnerability
privilege management

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 12.6%

An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root.

Affected configurations

Nvd
Node
fortinet fortisoar Range 6.4.0–6.4.4
OR
fortinet fortisoar Range 7.0.0–7.0.3
OR
fortinet fortisoar Match 7.2.0

Vendor    Product    Version  CPE
fortinet  fortisoar  *        cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*
fortinet  fortisoar  7.2.0    cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Fortinet FortiSOAR",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiSOAR 7.2.0, 7.0.2, 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.1, 6.4.0"
      }
    ]
  }
]
