Home
MEDIUM: 4.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:CDefault status
unaffected
7.4.0 (semver)
affected
7.2.0 (semver)
affected
7.0.0 (semver)
affected
2.0.0 (semver)
affected
Default status
unaffected
7.4.0 (semver)
affected
7.2.0 (semver)
affected
7.0.0 (semver)
affected
Description
An improper authorization vulnerability [CWE-285] in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.8 & Fortinet FortiProxy before version 7.4.8 allows an authenticated attacker to access static files of others VDOMs via crafted HTTP or HTTPS requests.
Problem types
Product status
7.4.0 (semver)
7.2.0 (semver)
7.0.0 (semver)
2.0.0 (semver)
7.4.0 (semver)
7.2.0 (semver)
7.0.0 (semver)
References
fortiguard.fortinet.com/psirt/FG-IR-25-684
