History: May 26, 2017 - 10:00 p.m.

CVE-2017-7337

2017-05-26 22:00:00
fortinet
www.cve.org

AI Score: 9.2

Confidence: High

EPSS: 0.002

Percentile: 55.9%

An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user’s stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request.

CNA Affected

[
  {
    "product": "Fortinet FortiPortal",
    "vendor": "Fortinet, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "FortiPortal versions 4.0.0 and below"
      }
    ]
  }
]
