#VU42771 Permissions, Privileges, and Access Controls in FortiOS - CVE-2013-4604

 


Published: June 25, 2013 / Updated: August 11, 2020


Vulnerability identifier: #VU42771
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2013-4604
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
FortiOS
Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role.


Remediation

Install the update from the vendor's website.
