CVE-2022-45857

High

An incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDOM creation component may allow an…

fortinet·CWE-286·Published 2023-01-05

CVSS

7.5

EPSS

0.00

KEV

Exploits

cve.orgen

249 chars

An incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the super_admin account is deleted.

NVDen

249 chars

NVDes

289 chars

Una vulnerabilidad de administración de usuarios incorrecta [CWE-286] en el componente de creación de VDOM de FortiManager versión 6.4.6 e inferiores puede permitir que un atacante acceda a FortiGate sin contraseña a través de VDOM recién creados después de eliminar la cuenta super_admin.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	7.5	1.6	5.3	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H
3.1	Primary	cve.org	6.0	—	—	CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:H/E:F/RL:O/RC:C