fkie_nvd - fkie_cve-2022-27488

fkie_cve-2022-27488

Vulnerability from fkie_nvd

Published

2023-12-13 07:15

Modified

2024-11-21 06:55

Severity ?

8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.

References

▶	URL	Tags
	psirt@fortinet.com	https://fortiguard.com/psirt/FG-IR-22-038	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/psirt/FG-IR-22-038	Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortiai	1.1.0
fortinet	fortiai	1.5.3
fortinet	fortimail	*
fortinet	fortimail	*
fortinet	fortimail	*
fortinet	fortimail	*
fortinet	fortindr	*
fortinet	fortindr	7.1.0
fortinet	fortirecorder	*
fortinet	fortirecorder	*
fortinet	fortirecorder	*
fortinet	fortirecorder	*
fortinet	fortivoice	*
fortinet	fortivoice	*
fortinet	fortiswitch	*
fortinet	fortiswitch	*
fortinet	fortiswitch	*
fortinet	fortiswitch	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortiai:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "19BD18D1-18D4-4D01-BF20-63458D0B20DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiai:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "649E0260-0770-4D6A-A679-8862D7039A08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01F784BF-4F89-4938-9150-F911E3EB6CD0",
              "versionEndIncluding": "6.0.12",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDC7EE8-084C-4F9E-A510-E283FCDF9832",
              "versionEndIncluding": "6.2.9",
              "versionStartIncluding": "6.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0A5C345-7055-4F18-AE77-FF1DBE41AB89",
              "versionEndIncluding": "6.4.6",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3680FCC2-6397-4726-AA94-902C3831EDD1",
              "versionEndIncluding": "7.0.3",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E091862-662E-40F0-9D53-6F9B898115BC",
              "versionEndIncluding": "7.0.4",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "888692FD-3219-49D3-898C-F4EA84CCC6CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78EA72E6-DBA2-4E76-AF17-7AC63D542241",
              "versionEndIncluding": "2.6.3",
              "versionStartIncluding": "2.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A18D3F0-FED4-49D1-BD14-C57875D48190",
              "versionEndIncluding": "2.7.7",
              "versionStartIncluding": "2.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAED4521-DF4F-4CCA-82CE-9FAC7BC95391",
              "versionEndIncluding": "6.0.11",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8252967-27EB-4596-A1BF-673DE66B77BF",
              "versionEndIncluding": "6.4.2",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3AE050D-F16C-4FA4-B1F3-54708C8BDC4C",
              "versionEndIncluding": "6.0.11",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD41EBB-A032-40F1-85F9-E2640DD7F448",
              "versionEndIncluding": "6.4.7",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "843F4434-651D-4A22-80C3-77397E059A98",
              "versionEndIncluding": "6.0.7",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "549EE910-DAC4-45B7-AE45-6B6A786CD2F5",
              "versionEndIncluding": "6.2.7",
              "versionStartIncluding": "6.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EAE583E-5D26-4224-AB58-DC3E4A6EA505",
              "versionEndIncluding": "6.4.10",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2681D458-EE55-478D-92D1-C6BB7BB3BAC4",
              "versionEndIncluding": "7.0.4",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via\u00a0tricking an authenticated administrator to execute malicious GET requests."
    },
    {
      "lang": "es",
      "value": "Cross-Site Request Forgery (CSRF) en Fortinet FortiVoiceEnterprise versi\u00f3n 6.4.x, 6.0.x, FortiSwitch versi\u00f3n 7.0.0 a 7.0.4, 6.4.0 a 6.4.10, 6.2.0 a 6.2.7, 6.0.x , FortiMail versi\u00f3n 7.0.0 a 7.0.3, 6.4.0 a 6.4.6, 6.2.x, 6.0.x FortiRecorder versi\u00f3n 6.4.0 a 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR versi\u00f3n 1.xx permite que un atacante remoto no autenticado ejecute comandos en la CLI enga\u00f1ando a un administrador autenticado para que ejecute solicitudes GET maliciosas."
    }
  ],
  "id": "CVE-2022-27488",
  "lastModified": "2024-11-21T06:55:49.453",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.5,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-13T07:15:10.910",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-22-038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-22-038"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2022-27488 (GCVE-0-2022-27488)

Vulnerability from cvelistv5

Published

2023-12-13 06:39

Modified

2024-08-03 05:32

Severity ?

8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H/E:P/RL:O/RC:C

CWE

CWE-352 - Execute unauthorized code or commands

Summary

References

►

URL

Tags

https://fortiguard.com/psirt/FG-IR-22-038

Impacted products

Vendor

Product

Version

►

Fortinet

FortiVoice

Version: 6.4.0 ≤ 6.4.7
Version: 6.0.0 ≤ 6.0.11

Fortinet	FortiRecorder	Version: 6.4.0 ≤ 6.4.2 Version: 6.0.0 ≤ 6.0.11 Version: 2.7.0 ≤ 2.7.7 Version: 2.6.0 ≤ 2.6.3
Fortinet	FortiSwitch	Version: 7.0.0 ≤ 7.0.4 Version: 6.4.0 ≤ 6.4.10 Version: 6.2.0 ≤ 6.2.8 Version: 6.0.0 ≤ 6.0.7
Fortinet	FortiNDR	Version: 7.1.0 Version: 7.0.0 ≤ 7.0.4 Version: 1.5.0 ≤ 1.5.3 Version: 1.4.0 Version: 1.3.0 ≤ 1.3.1 Version: 1.2.0 Version: 1.1.0
Fortinet	FortiMail	Version: 7.0.0 ≤ 7.0.3 Version: 6.4.0 ≤ 6.4.6 Version: 6.2.0 ≤ 6.2.9 Version: 6.0.0 ≤ 6.0.12

Show details on NVD website