Vulnerability Description
A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortiai | 1.1.0 |
| Fortinet | Fortimail | >= 6.0.0, <= 6.0.12 |
| Fortinet | Fortindr | >= 7.0.0, <= 7.0.4 |
| Fortinet | Fortirecorder | >= 2.6.0, <= 2.6.3 |
| Fortinet | Fortivoice | >= 6.0.0, <= 6.0.11 |
| Fortinet | Fortiswitch | >= 6.0.0, <= 6.0.7 |
Related Weaknesses (CWE)
References
- https://fortiguard.com/psirt/FG-IR-22-038Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-22-038Vendor Advisory
FAQ
What is CVE-2022-27488?
CVE-2022-27488 is a vulnerability with a CVSS score of 8.3 (HIGH). A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version ...
How severe is CVE-2022-27488?
CVE-2022-27488 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-27488?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortiai, Fortinet Fortimail, Fortinet Fortindr, Fortinet Fortirecorder, Fortinet Fortivoice.