CVE-2022-27488

A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.
References
Link Resource
https://fortiguard.com/psirt/FG-IR-22-038 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortiai:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiai:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*

History

18 Jan 2024, 15:48

Type Values Removed Values Added
CPE cpe:2.3:a:fortinet:fortivoice:*:*:*:*:entreprise:*:*:* cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*

19 Dec 2023, 19:00

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.3
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiai:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:*:*:*:*:entreprise:*:*:*
cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiai:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*
First Time Fortinet fortiswitch
Fortinet fortiai
Fortinet
Fortinet fortindr
Fortinet fortivoice
Fortinet fortirecorder
Fortinet fortimail
References () https://fortiguard.com/psirt/FG-IR-22-038 - () https://fortiguard.com/psirt/FG-IR-22-038 - Vendor Advisory

13 Dec 2023, 13:35

Type Values Removed Values Added
Summary
  • (es) Cross-Site Request Forgery (CSRF) en Fortinet FortiVoiceEnterprise versión 6.4.x, 6.0.x, FortiSwitch versión 7.0.0 a 7.0.4, 6.4.0 a 6.4.10, 6.2.0 a 6.2.7, 6.0.x , FortiMail versión 7.0.0 a 7.0.3, 6.4.0 a 6.4.6, 6.2.x, 6.0.x FortiRecorder versión 6.4.0 a 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR versión 1.xx permite que un atacante remoto no autenticado ejecute comandos en la CLI engañando a un administrador autenticado para que ejecute solicitudes GET maliciosas.

13 Dec 2023, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-13 07:15

Updated : 2024-01-18 15:48


NVD link : CVE-2022-27488

Mitre link : CVE-2022-27488

CVE.ORG link : CVE-2022-27488


JSON object : View

Products Affected

fortinet

  • fortirecorder
  • fortindr
  • fortivoice
  • fortimail
  • fortiswitch
  • fortiai
CWE
CWE-352

Cross-Site Request Forgery (CSRF)