Description
An improper access control vulnerability [CWE-284] in the logging component of FortiIsolator version 2.4.4, version 2.4.3 and all 2.3 versions may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: Low
- Availability: None
- E: Unchanged
- RL: X
- RC: X
Affected products
- fortinet / FortiIsolator 2.4.4 – 2.4.4
- fortinet / FortiIsolator 2.4.3 – 2.4.3
- fortinet / FortiIsolator 2.3.4 – 2.3.4
- fortinet / FortiIsolator 2.3.3 – 2.3.3
- fortinet / FortiIsolator 2.3.2 – 2.3.2
- fortinet / FortiIsolator 2.3.1 – 2.3.1
- fortinet / FortiIsolator 2.3.0 – 2.3.0
References
- VENDOR_ADVISORY: https://fortiguard.fortinet.com/psirt/FG-IR-24-045