vulnerability

Fortinet FortiOS: Improper Privilege Management (CVE-2022-38378)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:L/AC:L/Au:M/C:P/I:P/A:P)	Feb 16, 2023	Feb 27, 2023	Mar 30, 2026

Severity

CVSS

(AV:L/AC:L/Au:M/C:P/I:P/A:P)

Published

Feb 16, 2023

Added

Feb 27, 2023

Modified

Mar 30, 2026

Description

An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands.

Solutions

fortios-upgrade-7_0_8fortios-upgrade-7_2_1

References

CVE-2022-38378
https://attackerkb.com/topics/CVE-2022-38378
CWE-269
EUVD-EUVD-2022-40964
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-40964
https://fortiguard.com/psirt/FG-IR-22-346

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today