ID

VAR-202402-1803


CVE

CVE-2023-45581


TITLE

Vulnerability in Fortinet's FortiClient EMS

Trust: 0.8

sources: JVNDB: JVNDB-2023-026062

DESCRIPTION

An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows a Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests. Fortinet's FortiClient EMS contains an unspecified vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2023-45581 // JVNDB: JVNDB-2023-026062 // VULMON: CVE-2023-45581

AFFECTED PRODUCTS

vendor: fortinet, model: forticlient enterprise management server, scope: lt, version: 7.0.10

Trust: 1.0

vendor: fortinet, model: forticlient enterprise management server, scope: lte, version: 7.2.2

Trust: 1.0

vendor: fortinet, model: forticlient enterprise management server, scope: gte, version: 7.2.0

Trust: 1.0

vendor: フォーティネット, model: forticlient ems, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: forticlient ems, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-026062 // NVD: CVE-2023-45581

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-45581
value: HIGH

Trust: 1.8

psirt@fortinet.com: CVE-2023-45581
value: HIGH

Trust: 1.0

NVD:
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-45581
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-026062 // NVD: CVE-2023-45581 // NVD: CVE-2023-45581

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-026062 // NVD: CVE-2023-45581

CONFIGURATIONS

sources: NVD: CVE-2023-45581

PATCH

title: FG-IR-23-357, url: https://www.fortiguard.com/psirt/fg-ir-23-357

Trust: 0.8

sources: JVNDB: JVNDB-2023-026062

EXTERNAL IDS

db: NVD, id: CVE-2023-45581

Trust: 2.7

db: JVNDB, id: JVNDB-2023-026062

Trust: 0.8

db: VULMON, id: CVE-2023-45581

Trust: 0.1

sources: VULMON: CVE-2023-45581 // JVNDB: JVNDB-2023-026062 // NVD: CVE-2023-45581

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-23-357

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-45581

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-45581 // JVNDB: JVNDB-2023-026062 // NVD: CVE-2023-45581

SOURCES

db: VULMON, id: CVE-2023-45581
db: JVNDB, id: JVNDB-2023-026062
db: NVD, id: CVE-2023-45581

LAST UPDATE DATE

2024-02-27T23:06:09.479000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2023-45581, date: 2024-02-15T00:00:00
db: JVNDB, id: JVNDB-2023-026062, date: 2024-02-26T01:13:00
db: NVD, id: CVE-2023-45581, date: 2024-02-20T20:54:47.437

SOURCES RELEASE DATE

db: VULMON, id: CVE-2023-45581, date: 2024-02-15T00:00:00
db: JVNDB, id: JVNDB-2023-026062, date: 2024-02-26T00:00:00
db: NVD, id: CVE-2023-45581, date: 2024-02-15T14:15:45.033