An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least device management permission on his profile and belonging to a specific ADOM to add and delete CLI script on other ADOMs
Name | Vendor | Start Version | End Version |
---|---|---|---|
Fortimanager | Fortinet | 6.0.0 (including) | 6.0.12 (including) |
Fortimanager | Fortinet | 6.2.0 (including) | 6.2.12 (including) |
Fortimanager | Fortinet | 6.4.0 (including) | 6.4.11 (including) |
Fortimanager | Fortinet | 7.0.0 (including) | 7.0.7 (including) |
Fortimanager | Fortinet | 7.2.0 (including) | 7.2.0 (including) |
Fortimanager | Fortinet | 7.2.1 (including) | 7.2.1 (including) |
Fortimanager | Fortinet | 7.2.2 (including) | 7.2.2 (including) |