CVE-2022-30298

Published: Sep 6, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root.

Affected (3)

Products: Fortinet: Fortisoar

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortisoar	From 6.4.0 to 6.4.4
Fortinet Fortisoar	From 7.0.0 to 7.0.3
Fortinet Fortisoar	Version 7.2.0

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://fortiguard.com/psirt/FG-IR-22-152

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-152

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.