=====================================================================

                                CERT-Renater

                      Information Note No. 2023/VULN400

_____________________________________________________________________

DATE                : 12/10/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running FortiMail versions prior to 7.4.0,
                     7.2.3, 7.0.6, 6.4.8.

=====================================================================
https://fortiguard.fortinet.com/psirt/FG-IR-23-202
_____________________________________________________________________

FortiMail - Email account takeover in same web domain

IR Number    : FG-IR-23-202
Date         : Oct 10, 2023
Severity     : High
CVSSv3 Score : 8.6
Impact       : Escalation of privilege
CVE ID       : CVE-2023-36556
Affected Products: FortiMail: 7.2.2, 7.2.1, 7.2.0, 7.0.5, 7.0.4, 7.0.3,
                   7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3,
                   6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5,
                   6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.12, 6.0.11,
                   6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3,
                   6.0.2, 6.0.1, 6.0.0


Summary

An incorrect authorization vulnerability [CWE-863] in FortiMail webmail
may allow an authenticated attacker to log in to other users' accounts
from the same web domain via crafted HTTP or HTTPS requests.

Version         Affected                Solution
FortiMail 7.4   Not affected            Upgrade to 7.4.0 or above
FortiMail 7.2   7.2.0 through 7.2.2     Upgrade to 7.2.3 or above
FortiMail 7.0   7.0.0 through 7.0.5     Upgrade to 7.0.6 or above
FortiMail 6.4   6.4.0 through 6.4.7     Upgrade to 6.4.8 or above
FortiMail 6.2   6.2 all versions        Migrate to a fixed release
FortiMail 6.0   6.0 all versions        Migrate to a fixed release

Follow the recommended upgrade path using our tool at:
https://docs.fortinet.com/upgrade-tool
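As an added example, not part of the Fortinet or CERT-Renater advisory, the following Python script encodes the affected/solution table above so that an inventory of FortiMail version strings can be checked mechanically instead of by eye. The affected ranges and fixed releases are transcribed from the table; the function names, the `ADVISORY` structure and the sample inventory are assumptions made for this example. Versions in branches the table does not list are reported as unknown rather than guessed.

```python
"""Check FortiMail version strings against the FG-IR-23-202 (CVE-2023-36556)
affected ranges. The per-branch data is transcribed from the advisory table;
everything else (function names, structure, sample inventory) is an
assumption for this example and not Fortinet or CERT-Renater code."""
import re

# Per-branch data from the advisory table:
#   None                 -> branch not affected
#   "migrate"            -> every version of the branch is affected, no fix exists
#   (first, last, fixed) -> inclusive affected range and the first fixed release
ADVISORY = {
    "7.4": None,
    "7.2": ((7, 2, 0), (7, 2, 2), (7, 2, 3)),
    "7.0": ((7, 0, 0), (7, 0, 5), (7, 0, 6)),
    "6.4": ((6, 4, 0), (6, 4, 7), (6, 4, 8)),
    "6.2": "migrate",
    "6.0": "migrate",
}

# Fixed releases a 6.2/6.0 system can migrate to, per the table's solution column.
FIXED_RELEASES = ("7.4.0", "7.2.3", "7.0.6", "6.4.8")

VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)\s*$")


def parse_version(text):
    """Turn '7.2.1' (or 'v7.2.1') into a comparable (major, minor, patch) tuple."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised FortiMail version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(text):
    """Return (status, action) for one version string.

    status is 'affected', 'not affected' or 'unknown' (branch not in the table).
    """
    version = parse_version(text)
    branch = f"{version[0]}.{version[1]}"
    if branch not in ADVISORY:
        return ("unknown", "branch not listed in FG-IR-23-202; consult the vendor advisory")
    entry = ADVISORY[branch]
    if entry is None:
        return ("not affected", "no action required for CVE-2023-36556")
    if entry == "migrate":
        return ("affected", "migrate to a fixed release: " + ", ".join(FIXED_RELEASES))
    first, last, fixed = entry
    if first <= version <= last:
        return ("affected", "upgrade to %d.%d.%d or above" % fixed)
    return ("not affected", "at or above the fixed release for this branch")


def triage(inventory):
    """Map hostname -> (version, status, action); unparsable versions are flagged."""
    report = {}
    for host, ver in inventory.items():
        try:
            status, action = assess(ver)
        except ValueError as exc:
            status, action = "unknown", str(exc)
        report[host] = (ver, status, action)
    return report


if __name__ == "__main__":
    # Constructed sample inventory for illustration; these are not real hosts.
    sample = {
        "mail-a": "7.2.1",
        "mail-b": "7.2.3",
        "mail-c": "6.2.9",
        "mail-d": "7.4.0",
        "mail-e": "build-1234",
    }
    for host, (ver, status, action) in sorted(triage(sample).items()):
        print(f"{host:8} {ver:12} {status:13} {action}")
```

Feeding the script an export of your FortiMail versions gives one line per host with the action the advisory prescribes; anything reported as unknown (unparsable strings, or branches newer than those in the table) should be checked by hand against the vendor advisory rather than assumed safe.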


Acknowledgement

Internally discovered and reported by Hritik Sateesh from Burnaby
Infosec team.


Timeline

2023-10-09: Initial publication


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |  email: cert@support.renater.fr +
=========================================================
