Government of the Republic of Trinidad and Tobago                                                                                                                                        



TTCSIRT-258.010620: TT-CSIRT ADVISORY - FORTIMAIL ADMIN PRIVILEGE ESCALATION

6th January 2020

Two improper access control vulnerabilities in the FortiMail admin web UI may allow administrators to perform privileged functions they should not be authorized for.

Specifically, the two vulnerabilities are identified as the following:
CVE-2019-15712: improper access control to web console
CVE-2019-15707: improper access control to system backup config download

Impact: Improper Access Control

Affected Products: FortiMail 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below.

Solutions: Upgrade to 6.2.1, 6.0.7 or 5.4.11

The Trinidad and Tobago Cyber Security Incident Response Team (TTCSIRT) encourages users and administrators to review CVE-2019-15707 and CVE-2019-15712 and apply the necessary updates.

For further review please see the following link: