CVE-2013-4604 Information

Description

Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities which allows remote authenticated users to read modify or delete the records of arbitrary users by leveraging the Guest role.

Reference

http://www.fortiguard.com/advisory/FGA-2013-20/