CVE-2013-4604

Published: Jun 25, 2013Modified: Apr 29, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role.

Affected (2)

Products: Fortinet: Fortios

Fortinet

1 product

Fortios

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortios	Up to 5.0.2
Fortinet Fortios	Version 5.0.1

Related CWEs

CWE-264

References (2)

http://www.fortiguard.com/advisory/FGA-2013-20/

Source: cve@mitre.org

http://www.fortiguard.com/advisory/FGA-2013-20/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.