vulnerability

Fortinet FortiAnalyzer: Incorrect Permission Assignment for Critical Resource (CVE-2018-1354)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:P/A:N)

Published

Jun 27, 2018

Added

Jul 22, 2021

Modified

Apr 7, 2026

Description

An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.

Solution

fortinet-fortianalyzer-upgrade-latest

References

CVE-2018-1354
https://attackerkb.com/topics/CVE-2018-1354
CWE-732
EUVD-EUVD-2018-11933
http://www.securityfocus.com/bid/104537
http://www.securitytracker.com/id/1041182
http://www.securitytracker.com/id/1041183
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-11933
https://fortiguard.com/advisory/FG-IR-18-014

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report