SB2013062501 - Permissions, Privileges, and Access Controls in Fortinet, FortiOS 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2013062501

SB2013062501 - Permissions, Privileges, and Access Controls in Fortinet, FortiOS

Published: June 25, 2013 Updated: August 11, 2020

Security Bulletin ID SB2013062501
Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-4604)

The vulnerability allows a remote #AU# to read and manipulate data.

Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role.


Remediation

Install update from vendor's website.

References