Vulnerability identifier: #VU42771
Vulnerability risk: Low
CVSSv3.1: 3 [CVSS:3.1/AV:N/AC:L/PR:/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
FortiOS
Operating systems & Components /
Operating system
Vendor: Fortinet, Inc
Description
The vulnerability allows a remote #AU# to read and manipulate data.
Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role.
Mitigation
Install update from vendor's website.
Vulnerable software versions
FortiOS: 5.0.1
External links
http://www.fortiguard.com/advisory/FGA-2013-20/
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.