Headline
CVE-2022-38380: Fortiguard
An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API.
**PSIRT Advisories**
FortiOS – Read-Only users able to modify the Interface fields using the API
Summary
An improper access control [CWE-284] vulnerability in FortiOS may allow a remote authenticated read-only user to modify the interface settings via the API.
Affected Products
FortiOS version 7.2.0
FortiOS version 7.0.0 through 7.0.7
Acknowledgement
Fortinet is pleased to thank Alexis La Goutte for reporting this vulnerability under responsible disclosure.