1. Home
  2. CVE Database
  3. CVE-2022-38378
MEDIUM · 4.2

CVE-2022-38378

An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has acce...

Vulnerability Description

An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands.

CVSS Score

4.2

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
FortinetFortiproxy>= 1.1.0, <= 2.0.9
FortinetFortios>= 6.0.0, < 7.0.8

Related Weaknesses (CWE)

CWE-269

References

FAQ

What is CVE-2022-38378?

CVE-2022-38378 is a vulnerability with a CVSS score of 4.2 (MEDIUM). An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has acce...

How severe is CVE-2022-38378?

CVE-2022-38378 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-38378?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortiproxy, Fortinet Fortios.