vulnerability
Fortinet FortiManager: Incorrect Permission Assignment for Critical Resource (CVE-2018-1354)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:P/A:N) | Jun 27, 2018 | Jul 26, 2021 | Apr 7, 2026 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
Published
Jun 27, 2018
Added
Jul 26, 2021
Modified
Apr 7, 2026
Description
An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.
Solutions
fortinet-fortimanager-upgrade-6_0_0fortinet-fortimanager-upgrade-6_0_1
References
- CVE-2018-1354
- https://attackerkb.com/topics/CVE-2018-1354
- CWE-732
- EUVD-EUVD-2018-11933
- http://www.securityfocus.com/bid/104537
- http://www.securitytracker.com/id/1041182
- http://www.securitytracker.com/id/1041183
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-11933
- https://fortiguard.com/advisory/FG-IR-18-014
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.