First published: Thu Feb 15 2024
An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows a Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiClient EMS Cloud | <7.0.10 | Please upgrade to FortiClientEMS version 7.0.11 or above |
Fortinet FortiClient EMS Cloud | >=7.2.0, <=7.2.2 | Please upgrade to FortiClientEMS version 7.2.3 or above |
CVE-2023-45581 matters because it breaks the site boundary of a multi-site FortiClientEMS deployment: an administrator whose Super Admin rights are meant to be confined to one site can perform global administrative operations that affect other sites.
To fix CVE-2023-45581, upgrade FortiClientEMS to version 7.2.3 or later on the 7.2 branch, or to version 7.0.11 or later on the 7.0 branch.
CVE-2023-45581 affects Fortinet FortiClientEMS versions 7.2.0 through 7.2.2, and versions prior to 7.0.10.
CVE-2023-45581 is classified as an improper privilege management vulnerability, identified by CWE-269.
The actor in CVE-2023-45581 is a Site administrator who holds Super Admin privileges within a single site; by sending crafted HTTP or HTTPS requests, that administrator can perform global administrative operations that reach other sites on the same EMS. The parties exposed are therefore the other sites, whose configuration can be changed by an administrator who was never granted global rights.
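The pattern behind this class of bug (CWE-269 in a multi-site administrative API) is an authorization check that looks at the caller's role but not at the scope the role was granted in. The following is an added illustration, not Fortinet code and not derived from the FortiClientEMS implementation; the `Admin`, `Request`, `Scope`, `authorize_weak`, `authorize_hardened` and `cross_site_grants` names, the permission table and the sample sites `site-A` and `site-B` are all hypothetical. The target site in each request is client-controlled, which is exactly what a crafted HTTP or HTTPS request manipulates, so the hardened policy compares it against the scope bound to the administrator's own identity rather than trusting the request.

```python
"""Hypothetical multi-site admin authorization: role-only check vs. role-plus-scope check.

Constructed example to illustrate CWE-269 in a multi-site administrative API.
Not FortiClientEMS code; all names and data below are invented for illustration.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional, Set, Tuple


class Scope(Enum):
    SITE = "site"      # role is valid only inside the admin's own site
    GLOBAL = "global"  # role is valid across every site on the server


@dataclass(frozen=True)
class Admin:
    name: str
    role: str          # e.g. "super_admin"
    scope: Scope       # granted scope of that role
    site_id: str       # the site this admin belongs to


@dataclass(frozen=True)
class Request:
    operation: str
    target_site: Optional[str]  # taken from the client request; None = applies to all sites


# Hypothetical permission table: what each role is allowed to do, scope aside.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "super_admin": {"update_site_settings", "delete_site", "set_global_policy"},
    "viewer": set(),
}

# Operations that are inherently global and must never be run by a site-scoped role.
GLOBAL_ONLY_OPERATIONS: Set[str] = {"set_global_policy"}

Policy = Callable[[Admin, Request], bool]


def authorize_weak(admin: Admin, req: Request) -> bool:
    """Role-only check: ignores scope and the requested target site.

    A site-scoped Super Admin passes this check for any site and for
    global operations, which is the improper-privilege-management pattern.
    """
    return req.operation in ROLE_PERMISSIONS.get(admin.role, set())


def authorize_hardened(admin: Admin, req: Request) -> bool:
    """Role-plus-scope check: the target must fall inside the admin's granted scope."""
    if req.operation not in ROLE_PERMISSIONS.get(admin.role, set()):
        return False
    if admin.scope is Scope.GLOBAL:
        return True
    # Site-scoped admins may not run global-only operations, may not omit the
    # target site, and may only act on the site their identity is bound to.
    if req.operation in GLOBAL_ONLY_OPERATIONS or req.target_site is None:
        return False
    return req.target_site == admin.site_id


def evaluate(policy: Policy, admin: Admin, requests: List[Request]) -> List[Tuple[str, Optional[str], bool]]:
    """Run every request through a policy and return (operation, target, allowed)."""
    return [(r.operation, r.target_site, policy(admin, r)) for r in requests]


# Constructed sample identities: the same role, different granted scope.
SITE_ADMIN = Admin(name="alice", role="super_admin", scope=Scope.SITE, site_id="site-A")
GLOBAL_ADMIN = Admin(name="root", role="super_admin", scope=Scope.GLOBAL, site_id="site-A")

# Constructed sample requests, as a client could craft them; only the first is in-scope for alice.
CRAFTED_REQUESTS: List[Request] = [
    Request("update_site_settings", "site-A"),
    Request("update_site_settings", "site-B"),
    Request("delete_site", "site-B"),
    Request("set_global_policy", None),
]


def cross_site_grants(policy: Policy, admin: Admin) -> List[str]:
    """Operations the policy grants to `admin` that reach beyond admin.site_id."""
    return [
        op
        for op, target, allowed in evaluate(policy, admin, CRAFTED_REQUESTS)
        if allowed and target != admin.site_id
    ]


if __name__ == "__main__":
    for label, policy in (("weak", authorize_weak), ("hardened", authorize_hardened)):
        print(f"{label:9s} site admin cross-site grants: {cross_site_grants(policy, SITE_ADMIN)}")
```

Under the weak policy the site-scoped admin is granted every cross-site and global operation; under the hardened policy the same admin keeps only the operation on its own site, while the globally scoped admin is unaffected. The check that makes the difference is the comparison of the client-supplied target against the scope attached to the authenticated identity on the server side.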