CVE-2022-27488

A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.

Published: Dec 13, 2023
Updated: Dec 20, 2023
CVE: CVE-2022-27488
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
fortinet / fortiswitch	6.0.0	6.0.7.x
fortinet / fortiswitch	6.2.0	6.2.7.x
fortinet / fortimail	6.0.0	6.0.12.x
fortinet / fortimail	6.2.0	6.2.9.x
fortinet / fortimail	6.4.0	6.4.6.x
fortinet / fortimail	7.0.0	7.0.3.x
fortinet / fortiswitch	7.0.0	7.0.4.x
fortinet / fortiswitch	6.4.0	6.4.10.x
fortinet / fortivoice	6.4.0	6.4.7.x
fortinet / fortivoice	6.0.0	6.0.11.x
fortinet / fortirecorder	6.4.0	6.4.2.x
fortinet / fortirecorder	6.0.0	6.0.11.x
fortinet / fortirecorder	2.7.0	2.7.7.x
fortinet / fortirecorder	2.6.0	2.6.3.x
fortinet / fortiai	1.5.3	1.5.3.x
fortinet / fortiai	1.1.0	1.1.0.x
fortinet / fortindr	7.1.0	7.1.0.x
fortinet / fortindr	7.0.0	7.0.4.x

https://fortiguard.com/psirt/FG-IR-22-038

Vulnerability Database

289,697

CVE-2022-27488