ID

VAR-202209-0222


CVE

CVE-2022-38377


TITLE

Fortinet's FortiAnalyzer and FortiManager Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023038

DESCRIPTION

An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote, authenticated admin user assigned to a specific ADOM to access other ADOMs' information, such as device information and dashboard information. An unspecified vulnerability exists in Fortinet's FortiAnalyzer and FortiManager. Information may be obtained.

Trust: 1.8

sources: NVD: CVE-2022-38377 // JVNDB: JVNDB-2022-023038 // VULHUB: VHN-434171 // VULMON: CVE-2022-38377

AFFECTED PRODUCTS

vendor: fortinet, model: fortimanager, scope: lte, version: 6.0.11

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: lte, version: 6.0.12

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: eq, version: 7.2.0

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: lte, version: 7.0.3

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: lte, version: 6.2.10

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: eq, version: 7.2.0

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: lte, version: 6.2.9

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: lte, version: 6.4.7

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: lte, version: 7.0.3

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: gte, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: lte, version: 6.4.8

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: gte, version: 6.2.0

Trust: 1.0

vendor: Fortinet, model: fortimanager, scope: eq, version: 6.2.0 to 6.2.9

Trust: 0.8

vendor: Fortinet, model: fortimanager, scope: eq, version: 7.2.0

Trust: 0.8

vendor: Fortinet, model: fortianalyzer, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortimanager, scope: eq, version: 6.0.0 to 6.0.11

Trust: 0.8

vendor: Fortinet, model: fortimanager, scope: eq, version: 7.0.0 to 7.0.3

Trust: 0.8

vendor: Fortinet, model: fortimanager, scope: eq, version: 6.4.0 to 6.4.7

Trust: 0.8

sources: JVNDB: JVNDB-2022-023038 // NVD: CVE-2022-38377

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-38377
value: LOW

Trust: 1.0

psirt@fortinet.com: CVE-2022-38377
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-38377
value: LOW

Trust: 0.8

CNNVD: CNNVD-202209-247
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2022-38377
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 1.4
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2022-38377
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-38377
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023038 // CNNVD: CNNVD-202209-247 // NVD: CVE-2022-38377 // NVD: CVE-2022-38377

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023038 // NVD: CVE-2022-38377

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-247

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202209-247

PATCH

title: FG-IR-20-143, url: https://fortiguard.com/psirt/FG-IR-20-143

Trust: 0.8

sources: JVNDB: JVNDB-2022-023038

EXTERNAL IDS

db: NVD, id: CVE-2022-38377

Trust: 3.4

db: JVNDB, id: JVNDB-2022-023038

Trust: 0.8

db: CNNVD, id: CNNVD-202209-247

Trust: 0.6

db: VULHUB, id: VHN-434171

Trust: 0.1

db: VULMON, id: CVE-2022-38377

Trust: 0.1

sources: VULHUB: VHN-434171 // VULMON: CVE-2022-38377 // JVNDB: JVNDB-2022-023038 // CNNVD: CNNVD-202209-247 // NVD: CVE-2022-38377

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-20-143

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-38377

Trust: 1.4

url:https://vigilance.fr/vulnerability/fortianalyzer-fortimanager-information-disclosure-via-adom-39196

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-38377/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-434171 // VULMON: CVE-2022-38377 // JVNDB: JVNDB-2022-023038 // CNNVD: CNNVD-202209-247 // NVD: CVE-2022-38377

SOURCES

db: VULHUB, id: VHN-434171
db: VULMON, id: CVE-2022-38377
db: JVNDB, id: JVNDB-2022-023038
db: CNNVD, id: CNNVD-202209-247
db: NVD, id: CVE-2022-38377

LAST UPDATE DATE

2024-08-14T15:00:47.247000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-434171, date: 2022-12-01T00:00:00
db: VULMON, id: CVE-2022-38377, date: 2022-11-25T00:00:00
db: JVNDB, id: JVNDB-2022-023038, date: 2023-11-27T01:14:00
db: CNNVD, id: CNNVD-202209-247, date: 2022-12-02T00:00:00
db: NVD, id: CVE-2022-38377, date: 2023-11-07T03:50:06.800

SOURCES RELEASE DATE

db: VULHUB, id: VHN-434171, date: 2022-11-25T00:00:00
db: VULMON, id: CVE-2022-38377, date: 2022-11-25T00:00:00
db: JVNDB, id: JVNDB-2022-023038, date: 2023-11-27T00:00:00
db: CNNVD, id: CNNVD-202209-247, date: 2022-09-06T00:00:00
db: NVD, id: CVE-2022-38377, date: 2022-11-25T16:15:10.747