admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-366xx/CVE-2023-36638.json
cad-safe-bot b2c3b96645 Auto-Update: 2023-09-15T16:00:25.799099+00:00
2023-09-15 16:00:29 +00:00

132 lines
4.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-36638",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-09-13T13:15:09.033",
"lastModified": "2023-09-15T15:13:19.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.4.12",
"matchCriteriaId": "F3279695-4C9A-4AB9-A3E3-81AD4AB189C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.8",
"matchCriteriaId": "4EE403C3-3D66-4BF4-8D3C-1FCCD429EA28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.3",
"matchCriteriaId": "D074D55F-B03C-4D6C-91EF-AB74590164A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndExcluding": "6.4.12",
"matchCriteriaId": "142A4113-BEF9-4112-AC7D-757A18CFF2CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.8",
"matchCriteriaId": "F5248A7F-5122-4C07-8A4C-FE7A0BA07CF2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.3",
"matchCriteriaId": "98D47A3F-5A5B-4E5A-B145-2B1F9F29FC93"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-522",
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink