CVE-2022-38378

MEDIUM Year: 2022
CVSS v3 Score
6.0
Medium
Weakness Type
CWE-269
View all →

Vulnerability Description

An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands.

Related Vulnerabilities

CVE-2017-5703

MEDIUM
CVSS:6.0(Medium)

Configuration of SPI Flash in platforms based on multiple Intel platforms allow a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service.

CWE-2692017

CVE-2022-4314

MEDIUM
CVSS:6.0(Medium)

Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2.

CWE-2692022

CVE-2024-20282

MEDIUM
CVSS:6.0(Medium)

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is due ...

CWE-2692024

CVE-2012-4767

MEDIUM
CVSS:6.1(Medium)

An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the logs.9972 directory, which could let a malicious user decrypt and potentially change the Safend securi...

CWE-2692012

CVE-2017-6507

MEDIUM
CVSS:5.9(Medium)

An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have i...

CWE-2692017

CVE-2020-28014

MEDIUM
CVSS:6.1(Medium)

Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten.

CWE-2692020