CVE-2017-7337

An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request.

Published: May 27, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-7337
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-732

Affected Software
References

Software	From	Fixed in
fortinet / fortiportal	-	4.0.0.x

https://fortiguard.com/psirt/FG-IR-17-114

Vulnerability Database

289,871

CVE-2017-7337