{"api_version":"1","generated_at":"2026-04-23T08:51:57+00:00","cve":"CVE-2022-27487","urls":{"html":"https://cve.report/CVE-2022-27487","api":"https://cve.report/api/cve/CVE-2022-27487.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-27487","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-27487"},"summary":{"title":"CVE-2022-27487","description":"A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests.","state":"PUBLIC","assigner":"psirt@fortinet.com","published_at":"2023-04-11 17:15:00","updated_at":"2023-11-07 03:45:00"},"problem_types":["CWE-269"],"metrics":[],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-22-056","name":"https://fortiguard.com/psirt/FG-IR-22-056","refsource":"MISC","tags":["Vendor Advisory"],"title":"PSIRT Advisories | FortiGuard","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-27487","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27487","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"27487","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortideceptor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27487","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortideceptor","cpe6":"4.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27487","vulnerable":"1","versionEndIncluding":"4.0.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortideceptor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27487","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortisandbox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-27487","qid":"160704","title":"Oracle Enterprise Linux Security Update for istio (ELSA-2023-12357)"},{"cve":"CVE-2022-27487","qid":"160705","title":"Oracle Enterprise Linux Security Update for istio (ELSA-2023-12355)"},{"cve":"CVE-2022-27487","qid":"160706","title":"Oracle Enterprise Linux Security Update for olcne (ELSA-2023-23649)"},{"cve":"CVE-2022-27487","qid":"160707","title":"Oracle Enterprise Linux Security Update for istio (ELSA-2023-12356)"},{"cve":"CVE-2022-27487","qid":"160708","title":"Oracle Enterprise Linux Security Update for istio (ELSA-2023-12354)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-27487","ASSIGNER":"psirt@fortinet.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Execute unauthorized code or commands","cweId":"CWE-269"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Fortinet","product":{"product_data":[{"product_name":"FortiDeceptor","version":{"version_data":[{"version_affected":"=","version_value":"4.1.0"},{"version_affected":"<=","version_name":"4.0.0","version_value":"4.0.2"},{"version_affected":"<=","version_name":"3.3.0","version_value":"3.3.3"},{"version_affected":"<=","version_name":"3.2.0","version_value":"3.2.2"},{"version_affected":"<=","version_name":"3.1.0","version_value":"3.1.1"},{"version_affected":"<=","version_name":"3.0.0","version_value":"3.0.2"},{"version_affected":"=","version_value":"2.1.0"},{"version_affected":"=","version_value":"2.0.0"},{"version_affected":"=","version_value":"1.1.0"},{"version_affected":"<=","version_name":"1.0.0","version_value":"1.0.1"}]}},{"product_name":"FortiSandbox","version":{"version_data":[{"version_affected":"<=","version_name":"4.2.0","version_value":"4.2.2"},{"version_affected":"<=","version_name":"4.0.0","version_value":"4.0.2"},{"version_affected":"<=","version_name":"3.2.0","version_value":"3.2.3"},{"version_affected":"<=","version_name":"3.1.0","version_value":"3.1.5"},{"version_affected":"<=","version_name":"3.0.0","version_value":"3.0.7"},{"version_affected":"<=","version_name":"2.5.0","version_value":"2.5.2"}]}}]}}]}},"references":{"reference_data":[{"url":"https://fortiguard.com/psirt/FG-IR-22-056","refsource":"MISC","name":"https://fortiguard.com/psirt/FG-IR-22-056"}]},"solution":[{"lang":"en","value":"Please upgrade to FortiDeceptor version 4.2.0 or above Please upgrade to FortiDeceptor version 4.1.1 or above Please upgrade to FortiDeceptor version 4.0.2 or above Please upgrade to FortiDeceptor version 3.3.3 or above Please upgrade to FortiSandbox version 4.2.3 or above Please upgrade to FortiSandbox version 4.0.3 or above Please upgrade to FortiSandbox version 3.2.4 or above "}],"impact":{"cvss":[{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.3,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C"}]}},"nvd":{"publishedDate":"2023-04-11 17:15:00","lastModifiedDate":"2023-11-07 03:45:00","problem_types":["CWE-269"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortideceptor:4.1.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndIncluding":"4.0.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"2.5.0","versionEndExcluding":"3.2.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndExcluding":"4.2.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0","versionEndExcluding":"3.3.3","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}