Lucene search

FortinetCVELIST:CVE-2022-27487

HistoryApr 11, 2023 - 4:06 p.m.

CVE-2022-27487

2023-04-1116:06:58

CWE-269

fortinet

www.cve.org

cve-2022-27487

fortinet

fortisandbox

fortideceptor

privilege management

unauthorized api calls

http

https

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests.

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiDeceptor",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "version": "4.1.0",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "4.0.0",
        "lessThanOrEqual": "4.0.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "3.3.0",
        "lessThanOrEqual": "3.3.3",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "3.2.0",
        "lessThanOrEqual": "3.2.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "3.1.0",
        "lessThanOrEqual": "3.1.1",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "3.0.0",
        "lessThanOrEqual": "3.0.2",
        "status": "affected"
      },
      {
        "version": "2.1.0",
        "status": "affected"
      },
      {
        "version": "2.0.0",
        "status": "affected"
      },
      {
        "version": "1.1.0",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "1.0.0",
        "lessThanOrEqual": "1.0.1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Fortinet",
    "product": "FortiSandbox",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "4.2.0",
        "lessThanOrEqual": "4.2.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "4.0.0",
        "lessThanOrEqual": "4.0.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "3.2.0",
        "lessThanOrEqual": "3.2.3",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "3.1.0",
        "lessThanOrEqual": "3.1.5",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "3.0.0",
        "lessThanOrEqual": "3.0.7",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "2.5.0",
        "lessThanOrEqual": "2.5.2",
        "status": "affected"
      }
    ]
  }
]

References

fortiguard.com/psirt/FG-IR-22-056

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

Related for CVELIST:CVE-2022-27487