← back
CVE-2023-45581

CVE-2023-45581

CVSS 7.9 HIGHEPSS 0.8%CWE-269
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.9EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Feb 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:U
Affected products
Fortinet · FortiClientEMS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://fortiguard.com/psirt/FG-IR-23-357