CVE-2022-38380 An access control vulnerability in FortiOS 7.2 and earlier may allow a remote read-only user to modify the interface settings via the API.

If the user has a low-privileged account, it may be possible for that user to grant themselves administrator privileges by exploiting this vulnerability.

FortiOS version 5.9.x through 7.0.x, and version 6.0.x through 7.0.7 contain an improper authentication vulnerability. An attacker may exploit this vulnerability by using an automated tool or a social engineering technique to fool the FortiGate unit into authenticating with an external server without any authentication credentials. An attacker may be able to obtain system or other privileged account information in this manner such as the user’s password or the user’s MAC address.

FortiOS versions 5.9.x through 7.0.x, and version 6.0.x through 7.0.7 contain an improper authorization vulnerability. An attacker may exploit this vulnerability by using an automated tool or a social engineering technique to fool the FortiGate unit into authorizing a connection for unauthenticated clients. This may allow an attacker to trick the FortiGate unit into allowing an external connection to the protected server, which may give the attacker access to the protected server.

FortiOS versions 5.9.x through 7.0.x, and version 6.0.x through 7.0.7 may allow a remote attacker with a low-privileged account to gain access to a protected server via the HTTP web server.

FortiOS versions 5.9.x through

The following table contains details on the FortiGate versions and impact of the vulnerability:

1.5
CVE-2022-38380
2.0
CVE-2022-38379
3.0
CVE-2022-38362, CVE-2022-38363

Mitigation Strategy - FortiGate 6.0.x  6.0.7

- Upgrade to FortiGate 6.0.x
- Enable HTTPS for FortiGate Control Plane and Services Engine
- Enable TLS 1.2 for the FortiSwitch

How to Detect if You Are Vulnerable

Users who are not familiar with the operation of their FortiGate unit may be vulnerable to these vulnerabilities. Users should be aware that if a user is not authenticated, it may be possible for that user to gain administrator privileges by exploiting this vulnerability.

The easiest way to identify if you are vulnerable to these vulnerabilities is by using the FortiGuard Discovery Tool. The tool will help users determine the firmware version of their unit and provide remediation steps depending on which version they have installed.

Timeline

Published on: 11/02/2022 12:15:00 UTC
Last modified on: 11/04/2022 14:56:00 UTC

References

• https://fortiguard.com/psirt/FG-IR-22-174
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38380