An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and prior to 7.0.7 and FortiProxy version 7.2.0 up to and including 7.2.1 and prior to 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortiproxy |
||
fortinet fortios |