Details of VAR-202402-1803

ID

VAR-202402-1803

CVE

CVE-2023-45581

TITLE

fortinet's FortiClient EMS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-026062

DESCRIPTION

An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests. fortinet's FortiClient EMS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-45581 // JVNDB: JVNDB-2023-026062 // VULMON: CVE-2023-45581

AFFECTED PRODUCTS

vendor:	fortinet	model:	forticlient enterprise management server	scope:	lt	version:	7.0.10	Trust: 1.0
vendor:	fortinet	model:	forticlient enterprise management server	scope:	lte	version:	7.2.2	Trust: 1.0
vendor:	fortinet	model:	forticlient enterprise management server	scope:	gte	version:	7.2.0	Trust: 1.0
vendor:	フォーティネット	model:	forticlient ems	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	forticlient ems	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-026062 // NVD: CVE-2023-45581

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2023-45581
value:	HIGH
Trust: 1.8
psirt@fortinet.com:	CVE-2023-45581
value:	HIGH
Trust: 1.0

NVD:
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@fortinet.com:
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-45581
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-026062 // NVD: CVE-2023-45581 // NVD: CVE-2023-45581

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-026062 // NVD: CVE-2023-45581

CONFIGURATIONS

sources: NVD: CVE-2023-45581

PATCH

title:

FG-IR-23-357

url:

https://www.fortiguard.com/psirt/fg-ir-23-357

Trust: 0.8

sources: JVNDB: JVNDB-2023-026062

EXTERNAL IDS

db:	NVD	id:	CVE-2023-45581	Trust: 2.7
db:	JVNDB	id:	JVNDB-2023-026062	Trust: 0.8
db:	VULMON	id:	CVE-2023-45581	Trust: 0.1

sources: VULMON: CVE-2023-45581 // JVNDB: JVNDB-2023-026062 // NVD: CVE-2023-45581

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-23-357	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2023-45581	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/269.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-45581 // JVNDB: JVNDB-2023-026062 // NVD: CVE-2023-45581

SOURCES

db:	VULMON	id:	CVE-2023-45581
db:	JVNDB	id:	JVNDB-2023-026062
db:	NVD	id:	CVE-2023-45581

LAST UPDATE DATE

2024-02-27T23:06:09.479000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-45581	date:	2024-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2023-026062	date:	2024-02-26T01:13:00
db:	NVD	id:	CVE-2023-45581	date:	2024-02-20T20:54:47.437

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-45581	date:	2024-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2023-026062	date:	2024-02-26T00:00:00
db:	NVD	id:	CVE-2023-45581	date:	2024-02-15T14:15:45.033