TTCSIRT-258.010620: TT-CSIRT ADVISORY - FORTIMAIL ADMIN PRIVILEGE ESCALATION
Two improper access control vulnerabilities in the FortiMail admin web UI may allow administrators to perform privileged functions for which they are not authorized.
The two vulnerabilities are identified as follows:
CVE-2019-15712: improper access control to web console
CVE-2019-15707: improper access control to system backup config download
Impact: Improper Access Control
Affected Products: FortiMail 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below.
Solutions: Upgrade to 6.2.1, 6.0.7 or 5.4.11.
The Trinidad and Tobago Cyber Security Incident Response Team (TTCSIRT) encourages users and administrators to review CVE-2019-15707 and CVE-2019-15712 and apply the necessary updates.
For further review please see the following link: