CVE-2018-1354

Published: Jun 27, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.

Affected (2)

Products: Fortinet: Fortianalyzer, Fortimanager

Fortinet

2 products

Fortianalyzer

Fortimanager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortianalyzer	Up to 6.0.0
Fortinet Fortimanager	Up to 6.0.0

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (8)

http://www.securityfocus.com/bid/104537

Source: psirt@fortinet.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041182

Source: psirt@fortinet.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041183

Source: psirt@fortinet.com

Third Party AdvisoryVDB Entry

https://fortiguard.com/advisory/FG-IR-18-014

Source: psirt@fortinet.com

Vendor Advisory

http://www.securityfocus.com/bid/104537

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041182

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041183

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://fortiguard.com/advisory/FG-IR-18-014

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.