CVE-2017-7337

Published: May 27, 2017Modified: May 13, 2026

9.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request.

Affected (1)

Products: Fortinet: Fortiportal

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiportal	Up to 4.0.0

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://fortiguard.com/psirt/FG-IR-17-114

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-17-114

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.