- Description
- An improper authorization vulnerability [CWE-285] vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.11, FortiProxy 7.4.0 through 7.4.8, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions allows an authenticated attacker to access static files of others VDOMs via crafted HTTP or HTTPS requests.
- Source
- psirt@fortinet.com
- NVD status
- Modified
- Products
- fortios, fortiproxy
CVSS 3.1
- Type
- Secondary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- psirt@fortinet.com
- CWE-285
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7395B0-2864-49E3-8B70-935A17EF3162",
"versionEndExcluding": "7.2.9",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4316C2EA-3D6E-4A0C-B81D-ADCE040E03E0",
"versionEndExcluding": "7.4.2",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3C0418-E314-45E0-A706-A9B45231ED1E",
"versionEndExcluding": "7.4.9",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]