What is the severity of CVE-2022-27488?

CVE-2022-27488 is rated as a critical vulnerability due to its potential impact on affected systems.

How do I fix CVE-2022-27488?

To mitigate CVE-2022-27488, update Fortinet FortiVoice, FortiMail, FortiSwitch, or FortiRecorder to the latest patched versions.

Which versions are affected by CVE-2022-27488?

CVE-2022-27488 affects multiple versions of Fortinet FortiVoice, FortiMail, FortiSwitch, and FortiRecorder across several release iterations.

Is CVE-2022-27488 a cross-site request forgery vulnerability?

Yes, CVE-2022-27488 is identified as a cross-site request forgery (CSRF) vulnerability.

What types of products are affected by CVE-2022-27488?

CVE-2022-27488 affects various Fortinet products including FortiVoice, FortiMail, FortiSwitch, and FortiRecorder.

Vulnerability/
CVE-2022-27488

high

8.8

CWE

352

13/12/2023

3/8/2024

CVE-2022-27488: CSRF

First published: Wed Dec 13 2023(Updated: )

A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiAI	=1.1.0
Fortinet FortiAI	=1.5.3
Fortinet Fortimail-200d	>=6.0.0<=6.0.12
Fortinet Fortimail-200d	>=6.2.0<=6.2.9
Fortinet Fortimail-200d	>=6.4.0<=6.4.6
Fortinet Fortimail-200d	>=7.0.0<=7.0.3
Fortinet FortiNDR	>=7.0.0<=7.0.4
Fortinet FortiNDR	=7.1.0
Fortinet FortiRecorder 400D	>=2.6.0<=2.6.3
Fortinet FortiRecorder 400D	>=2.7.0<=2.7.7
Fortinet FortiRecorder 400D	>=6.0.0<=6.0.11
Fortinet FortiRecorder 400D	>=6.4.0<=6.4.2
Fortinet FortiVoice Enterprise	>=6.0.0<=6.0.11
Fortinet FortiVoice Enterprise	>=6.4.0<=6.4.7
Fortinet FortiSwitch	>=6.0.0<=6.0.7
Fortinet FortiSwitch	>=6.2.0<=6.2.7
Fortinet FortiSwitch	>=6.4.0<=6.4.10
Fortinet FortiSwitch	>=7.0.0<=7.0.4

Remedy

Please upgrade to FortiVoice version 7.0.0 or above Please upgrade to FortiVoice version 6.4.8 or above Please upgrade to FortiVoice version 6.0.12 or above Please upgrade to FortiRecorder version 7.0.0 or above Please upgrade to FortiRecorder version 6.4.3 or above Please upgrade to FortiRecorder version 6.0.12 or above Please upgrade to FortiSwitch version 7.2.0 or above Please upgrade to FortiSwitch version 7.0.5 or above Please upgrade to FortiSwitch version 6.4.11 or above Please upgrade to FortiNDR version 7.2.0 or above Please upgrade to FortiNDR version 7.1.1 or above Please upgrade to FortiNDR version 7.0.5 or above Please upgrade to FortiMail version 7.2.0 or above Please upgrade to FortiMail version 7.0.4 or above Please upgrade to FortiMail version 6.4.7 or above

Never miss a vulnerability like this again

Reference Links

https://fortiguard.com/psirt/FG-IR-22-038

Frequently Asked Questions

What is the severity of CVE-2022-27488?
CVE-2022-27488 is rated as a critical vulnerability due to its potential impact on affected systems.
How do I fix CVE-2022-27488?
To mitigate CVE-2022-27488, update Fortinet FortiVoice, FortiMail, FortiSwitch, or FortiRecorder to the latest patched versions.
Which versions are affected by CVE-2022-27488?
CVE-2022-27488 affects multiple versions of Fortinet FortiVoice, FortiMail, FortiSwitch, and FortiRecorder across several release iterations.
Is CVE-2022-27488 a cross-site request forgery vulnerability?
Yes, CVE-2022-27488 is identified as a cross-site request forgery (CSRF) vulnerability.
What types of products are affected by CVE-2022-27488?
CVE-2022-27488 affects various Fortinet products including FortiVoice, FortiMail, FortiSwitch, and FortiRecorder.

agent/type
agent/event
agent/first-publish-date
agent/severity
agent/weakness
agent/references
agent/remedy
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/fortinet
canonical/fortinet fortiai
version/fortinet fortiai/1.1.0
version/fortinet fortiai/1.5.3
canonical/fortinet fortimail-200d
version/fortinet fortimail-200d/6.0.0
version/fortinet fortimail-200d/6.0.12
version/fortinet fortimail-200d/6.2.0
version/fortinet fortimail-200d/6.2.9
version/fortinet fortimail-200d/6.4.0
version/fortinet fortimail-200d/6.4.6
version/fortinet fortimail-200d/7.0.0
version/fortinet fortimail-200d/7.0.3
canonical/fortinet fortindr
version/fortinet fortindr/7.0.0
version/fortinet fortindr/7.0.4
version/fortinet fortindr/7.1.0
canonical/fortinet fortirecorder 400d
version/fortinet fortirecorder 400d/2.6.0
version/fortinet fortirecorder 400d/2.6.3
version/fortinet fortirecorder 400d/2.7.0
version/fortinet fortirecorder 400d/2.7.7
version/fortinet fortirecorder 400d/6.0.0
version/fortinet fortirecorder 400d/6.0.11
version/fortinet fortirecorder 400d/6.4.0
version/fortinet fortirecorder 400d/6.4.2
canonical/fortinet fortivoice enterprise
version/fortinet fortivoice enterprise/6.0.0
version/fortinet fortivoice enterprise/6.0.11
version/fortinet fortivoice enterprise/6.4.0
version/fortinet fortivoice enterprise/6.4.7
canonical/fortinet fortiswitch
version/fortinet fortiswitch/6.0.0
version/fortinet fortiswitch/6.0.7
version/fortinet fortiswitch/6.2.0
version/fortinet fortiswitch/6.2.7
version/fortinet fortiswitch/6.4.0
version/fortinet fortiswitch/6.4.10
version/fortinet fortiswitch/7.0.0
version/fortinet fortiswitch/7.0.4