{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-27487", "ASSIGNER": "psirt@fortinet.com", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Execute unauthorized code or commands", "cweId": "CWE-269" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Fortinet", "product": { "product_data": [ { "product_name": "FortiDeceptor", "version": { "version_data": [ { "version_affected": "=", "version_value": "4.1.0" }, { "version_affected": "<=", "version_name": "4.0.0", "version_value": "4.0.2" }, { "version_affected": "<=", "version_name": "3.3.0", "version_value": "3.3.3" }, { "version_affected": "<=", "version_name": "3.2.0", "version_value": "3.2.2" }, { "version_affected": "<=", "version_name": "3.1.0", "version_value": "3.1.1" }, { "version_affected": "<=", "version_name": "3.0.0", "version_value": "3.0.2" }, { "version_affected": "=", "version_value": "2.1.0" }, { "version_affected": "=", "version_value": "2.0.0" }, { "version_affected": "=", "version_value": "1.1.0" }, { "version_affected": "<=", "version_name": "1.0.0", "version_value": "1.0.1" } ] } }, { "product_name": "FortiSandbox", "version": { "version_data": [ { "version_affected": "<=", "version_name": "4.2.0", "version_value": "4.2.2" }, { "version_affected": "<=", "version_name": "4.0.0", "version_value": "4.0.2" }, { "version_affected": "<=", "version_name": "3.2.0", "version_value": "3.2.3" }, { "version_affected": "<=", "version_name": "3.1.0", "version_value": "3.1.5" }, { "version_affected": "<=", "version_name": "3.0.0", "version_value": "3.0.7" }, { "version_affected": "<=", "version_name": "2.5.0", "version_value": "2.5.2" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://fortiguard.com/psirt/FG-IR-22-056", "refsource": "MISC", "name": "https://fortiguard.com/psirt/FG-IR-22-056" } ] }, "solution": [ { "lang": "en", "value": "Please upgrade to FortiDeceptor version 4.2.0 or above Please upgrade to FortiDeceptor version 4.1.1 or above Please upgrade to FortiDeceptor version 4.0.2 or above Please upgrade to FortiDeceptor version 3.3.3 or above Please upgrade to FortiSandbox version 4.2.3 or above Please upgrade to FortiSandbox version 4.0.3 or above Please upgrade to FortiSandbox version 3.2.4 or above " } ], "impact": { "cvss": [ { "version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C" } ] } }