{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-45581","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2023-10-09T08:01:29.296Z","datePublished":"2024-02-15T13:59:23.728Z","dateUpdated":"2024-08-02T20:21:16.534Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiClientEMS","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.2","status":"affected"},{"versionType":"semver","version":"7.0.6","lessThanOrEqual":"7.0.10","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.4","status":"affected"},{"versionType":"semver","version":"6.4.7","lessThanOrEqual":"6.4.9","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.4","status":"affected"},{"versionType":"semver","version":"6.2.6","lessThanOrEqual":"6.2.9","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.4","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2024-02-15T13:59:23.728Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-269","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.9,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:U"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiClientEMS version 7.2.3 or above \nPlease upgrade to FortiClientEMS version 7.0.11 or above \n"}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-23-357","url":"https://fortiguard.com/psirt/FG-IR-23-357"}]},"adp":[{"affected":[{"vendor":"fortinet","product":"forticlient_enterprise_management_server","cpes":["cpe:2.3:a:fortinet:forticlient_enterprise_management_server:6.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:forticlient_enterprise_management_server:6.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.2.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.2.0","status":"affected","lessThan":"6.3","versionType":"custom"},{"version":"6.4.0","status":"affected","lessThan":"6.5","versionType":"custom"},{"version":"7.0.0","status":"affected","lessThanOrEqual":"7.0.4","versionType":"custom"},{"version":"7.0.6","status":"affected","lessThanOrEqual":"7.0.10","versionType":"custom"},{"version":"7.2.0","status":"affected","lessThanOrEqual":"7.2.2","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-09T17:06:14.506422Z","id":"CVE-2023-45581","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-09T17:08:17.614Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T20:21:16.534Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-23-357","url":"https://fortiguard.com/psirt/FG-IR-23-357","tags":["x_transferred"]}]}]}}