CVE-2022-27488

A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://fortiguard.com/psirt/FG-IR-22-038	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:fortiai:1.1.0:::::::*
	cpe:2.3:a:fortinet:fortiai:1.5.3:::::::*
	cpe:2.3:a:fortinet:fortimail::::::::
	cpe:2.3:a:fortinet:fortimail::::::::
	cpe:2.3:a:fortinet:fortimail::::::::
	cpe:2.3:a:fortinet:fortimail::::::::
	cpe:2.3:a:fortinet:fortindr::::::::
	cpe:2.3:a:fortinet:fortindr:7.1.0:::::::*
	cpe:2.3:a:fortinet:fortirecorder::::::::
	cpe:2.3:a:fortinet:fortirecorder::::::::
	cpe:2.3:a:fortinet:fortirecorder::::::::
	cpe:2.3:a:fortinet:fortirecorder::::::::
	cpe:2.3:a:fortinet:fortivoice::::::::
	cpe:2.3:a:fortinet:fortivoice::::::::
	cpe:2.3:o:fortinet:fortiswitch::::::::
	cpe:2.3:o:fortinet:fortiswitch::::::::
	cpe:2.3:o:fortinet:fortiswitch::::::::
	cpe:2.3:o:fortinet:fortiswitch::::::::

History

18 Jan 2024, 15:48

Type	Values Removed	Values Added
CPE	cpe:2.3:a:fortinet:fortivoice:::::entreprise:::*	cpe:2.3:a:fortinet:fortivoice::::::::

Information

Published : 2023-12-13 07:15

Updated : 2024-01-18 15:48

NVD link : CVE-2022-27488

Mitre link : CVE-2022-27488

CVE.ORG link : CVE-2022-27488

JSON object : View

Products Affected

fortinet

fortimail
fortiswitch
fortindr
fortirecorder
fortivoice
fortiai

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2022-27488", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 2.8}]}, "published": "2023-12-13T07:15:10.910", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-22-038", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}, {"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via\u00a0tricking an authenticated administrator to execute malicious GET requests."}, {"lang": "es", "value": "Cross-Site Request Forgery (CSRF) en Fortinet FortiVoiceEnterprise versi\u00f3n 6.4.x, 6.0.x, FortiSwitch versi\u00f3n 7.0.0 a 7.0.4, 6.4.0 a 6.4.10, 6.2.0 a 6.2.7, 6.0.x , FortiMail versi\u00f3n 7.0.0 a 7.0.3, 6.4.0 a 6.4.6, 6.2.x, 6.0.x FortiRecorder versi\u00f3n 6.4.0 a 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR versi\u00f3n 1.xx permite que un atacante remoto no autenticado ejecute comandos en la CLI enga\u00f1ando a un administrador autenticado para que ejecute solicitudes GET maliciosas."}], "lastModified": "2024-01-18T15:48:06.043", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiai:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19BD18D1-18D4-4D01-BF20-63458D0B20DF"}, {"criteria": "cpe:2.3:a:fortinet:fortiai:1.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "649E0260-0770-4D6A-A679-8862D7039A08"}, {"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01F784BF-4F89-4938-9150-F911E3EB6CD0", "versionEndIncluding": "6.0.12", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEDC7EE8-084C-4F9E-A510-E283FCDF9832", "versionEndIncluding": "6.2.9", "versionStartIncluding": "6.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0A5C345-7055-4F18-AE77-FF1DBE41AB89", "versionEndIncluding": "6.4.6", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3680FCC2-6397-4726-AA94-902C3831EDD1", "versionEndIncluding": "7.0.3", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E091862-662E-40F0-9D53-6F9B898115BC", "versionEndIncluding": "7.0.4", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "888692FD-3219-49D3-898C-F4EA84CCC6CF"}, {"criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78EA72E6-DBA2-4E76-AF17-7AC63D542241", "versionEndIncluding": "2.6.3", "versionStartIncluding": "2.6.0"}, {"criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A18D3F0-FED4-49D1-BD14-C57875D48190", "versionEndIncluding": "2.7.7", "versionStartIncluding": "2.7.0"}, {"criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAED4521-DF4F-4CCA-82CE-9FAC7BC95391", "versionEndIncluding": "6.0.11", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8252967-27EB-4596-A1BF-673DE66B77BF", "versionEndIncluding": "6.4.2", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3AE050D-F16C-4FA4-B1F3-54708C8BDC4C", "versionEndIncluding": "6.0.11", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCD41EBB-A032-40F1-85F9-E2640DD7F448", "versionEndIncluding": "6.4.7", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "843F4434-651D-4A22-80C3-77397E059A98", "versionEndIncluding": "6.0.7", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "549EE910-DAC4-45B7-AE45-6B6A786CD2F5", "versionEndIncluding": "6.2.7", "versionStartIncluding": "6.2.0"}, {"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EAE583E-5D26-4224-AB58-DC3E4A6EA505", "versionEndIncluding": "6.4.10", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2681D458-EE55-478D-92D1-C6BB7BB3BAC4", "versionEndIncluding": "7.0.4", "versionStartIncluding": "7.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}