{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-38377","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","requesterUserId":"a0475cc0-be89-4a25-97b3-d1b8023a8677","dateReserved":"2022-08-16T14:17:48.479Z","datePublished":"2022-11-25T15:47:41.422Z","dateUpdated":"2024-10-22T20:52:08.654Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiManager","defaultStatus":"unaffected","versions":[{"version":"7.2.0","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.3","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.8","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.9","status":"affected"},{"versionType":"semver","version":"6.0.0","lessThanOrEqual":"6.0.11","status":"affected"}]},{"vendor":"Fortinet","product":"FortiAnalyzer","defaultStatus":"unaffected","versions":[{"version":"7.2.0","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.3","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.8","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.9","status":"affected"},{"versionType":"semver","version":"6.0.0","lessThanOrEqual":"6.0.11","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs' information such as device information and dashboard information."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2022-11-25T15:47:41.422Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-284","description":"Improper access control","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiManager version 7.2.1 or above\r\nPlease upgrade to FortiManager version 7.0.4 or above\r\nPlease upgrade to FortiManager version 6.4.8 or above\n\r\nPlease upgrade to FortiAnalyzer version 7.2.1 or above\r\nPlease upgrade to FortiAnalyzer version 7.0.4 or above\r\nPlease upgrade to FortiAnalyzer version 6.4.9 or above"}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-20-143","url":"https://fortiguard.com/psirt/FG-IR-20-143"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T10:54:03.674Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-20-143","url":"https://fortiguard.com/psirt/FG-IR-20-143","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-22T20:18:55.318018Z","id":"CVE-2022-38377","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-22T20:52:08.654Z"}}]}}