Lucene search
HistorySep 06, 2022 - 6:15 p.m.
CVE-2022-30298
fortinet fortisoar
privilege management
arbitrary python commands
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
12.6%
An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root.
Affected configurations
Node
fortinetfortisoarRange6.4.0–6.4.4
ORfortinetfortisoarRange7.0.0–7.0.3
ORfortinetfortisoarMatch7.2.0
References
Related
cvelist
cvelist
CVE-2022-30298
2022-09-06 15:10:29
prion
prion
Privilege escalation
2022-09-06 18:15:00
cnvd
cnvd
Fortinet FortiSOAR Rights Management Error Vulnerability
2022-11-16 00:00:00
cve
cve
CVE-2022-30298
2022-09-06 18:15:15
fortinet
fortinet
FortiSOAR - Privilege escalation from nginx user to root
2022-09-06 00:00:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
12.6%
Related for NVD:CVE-2022-30298