Permissions, Privileges, and Access Controls in FortiOS - CVE-2013-4604
Published: June 25, 2013 / Updated: August 11, 2020
Vulnerability identifier: #VU42771
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2013-4604
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Fortinet, Inc
Affected software:
FortiOS
Detailed vulnerability description
The vulnerability allows a remote authenticated user to read and manipulate data.
Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role.
How to mitigate CVE-2013-4604
Install the update from the vendor's website.