CVE Vulnerabilities

CVE-2023-45581

Published: Feb 15, 2024 | Modified: Feb 20, 2024
CVSS 3.x: 7.2 HIGH
Source: NVD
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS versions 7.2.0 through 7.2.2 and before 7.0.10 allows a Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests.

Affected Software

Name                                      Vendor    Start Version      End Version
Forticlient_enterprise_management_server  Fortinet  *                  7.0.10 (excluding)
Forticlient_enterprise_management_server  Fortinet  7.2.0 (including)  7.2.2 (including)
