CVE-2022-38377
First published: Fri Nov 25 2022(Updated: )
An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiAnalyzer | >=6.0.0<=6.0.12 | |
| Fortinet FortiAnalyzer | >=6.2.0<=6.2.10 | |
| Fortinet FortiAnalyzer | >=6.4.0<=6.4.8 | |
| Fortinet FortiAnalyzer | >=7.0.0<=7.0.3 | |
| Fortinet FortiAnalyzer | =7.2.0 | |
| Fortinet FortiManager | >=6.0.0<=6.0.11 | |
| Fortinet FortiManager | >=6.2.0<=6.2.9 | |
| Fortinet FortiManager | >=6.4.0<=6.4.7 | |
| Fortinet FortiManager | >=7.0.0<=7.0.3 | |
| Fortinet FortiManager | =7.2.0 |
Remedy
Please upgrade to FortiManager version 7.2.1 or above Please upgrade to FortiManager version 7.0.4 or above Please upgrade to FortiManager version 6.4.8 or above Please upgrade to FortiAnalyzer version 7.2.1 or above Please upgrade to FortiAnalyzer version 7.0.4 or above Please upgrade to FortiAnalyzer version 6.4.9 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-38377?
CVE-2022-38377 is an improper access control vulnerability in FortiManager and FortiAnalyzer software versions 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.11.
How severe is CVE-2022-38377?
CVE-2022-38377 has a severity rating of 2.7, which is considered medium.
What is the affected software of CVE-2022-38377?
The affected software includes FortiManager versions 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.11, as well as FortiAnalyzer versions 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, and 6.0.0 through 6.0.12.
How can I fix CVE-2022-38377?
To fix CVE-2022-38377, it is recommended to update FortiManager and FortiAnalyzer software to the latest patched versions provided by Fortinet.
Where can I find more information about CVE-2022-38377?
You can find more information about CVE-2022-38377 on the FortiGuard website. Refer to the reference link provided.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/fortinet
- canonical/fortinet fortianalyzer
- version/fortinet fortianalyzer/6.0.0
- version/fortinet fortianalyzer/6.0.12
- version/fortinet fortianalyzer/6.2.0
- version/fortinet fortianalyzer/6.2.10
- version/fortinet fortianalyzer/6.4.0
- version/fortinet fortianalyzer/6.4.8
- version/fortinet fortianalyzer/7.0.0
- version/fortinet fortianalyzer/7.0.3
- version/fortinet fortianalyzer/7.2.0
- canonical/fortinet fortimanager
- version/fortinet fortimanager/6.0.0
- version/fortinet fortimanager/6.0.11
- version/fortinet fortimanager/6.2.0
- version/fortinet fortimanager/6.2.9
- version/fortinet fortimanager/6.4.0
- version/fortinet fortimanager/6.4.7
- version/fortinet fortimanager/7.0.0
- version/fortinet fortimanager/7.0.3
- version/fortinet fortimanager/7.2.0