CVE-2022-22305 (GCVE-0-2022-22305)
Vulnerability from cvelistv5
Published
2023-09-01 11:43
Modified
2024-09-27 18:40
Severity ?
EPSS score ?
Summary
An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-18-292 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-18-292 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Fortinet | FortiAnalyzer |
Version: 7.0.0 ≤ 7.0.2 Version: 6.4.0 ≤ 6.4.7 Version: 6.2.0 ≤ 6.2.11 Version: 6.0.0 ≤ 6.0.12 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:07:50.194Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-18-292", tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-18-292", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-22305", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T18:01:39.754816Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:40:07.999Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "FortiAnalyzer", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.2", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.7", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.11", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.12", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "FortiSandbox", vendor: "Fortinet", versions: [ { lessThanOrEqual: "4.0.2", status: "affected", version: "4.0.0", versionType: "semver", }, { lessThanOrEqual: "3.2.4", status: "affected", version: "3.2.0", versionType: "semver", }, { lessThanOrEqual: "3.1.5", status: "affected", version: "3.1.0", versionType: "semver", }, { lessThanOrEqual: "3.0.7", status: "affected", version: "3.0.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "FortiManager", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.1", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.6", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.11", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.12", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-297", description: "Information disclosure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-01T11:43:03.878Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-18-292", url: "https://fortiguard.com/psirt/FG-IR-18-292", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiManager version 7.0.2 or above.\r\nPlease upgrade to FortiManager version 6.4.7 or above.\n\r\nPlease upgrade to FortiAnalyzer version 7.0.3 or above.\r\nPlease upgrade to FortiAnalyzer version 6.4.8 or above.\n\r\nPlease upgrade to FortiSandbox version 4.2.0 or above \n\r\n ", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2022-22305", datePublished: "2023-09-01T11:43:03.878Z", dateReserved: "2022-01-03T09:39:36.530Z", dateUpdated: "2024-09-27T18:40:07.999Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndIncluding\": \"6.0.12\", \"matchCriteriaId\": \"2318A6AC-AA3E-4604-968C-35A46E79FCB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.2.9\", \"versionEndIncluding\": \"6.4.7\", \"matchCriteriaId\": \"82AA3275-8A1D-43DA-880B-1EFFBD96C29D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7DC87E0-0C9F-4E65-B96E-7E91F71764AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80518C1A-60DB-4CC3-92ED-0C0BDCF2F1C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8619721-489F-4BE7-BBAC-7D07FB64A8EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndIncluding\": \"6.0.12\", \"matchCriteriaId\": \"8DFFD873-3F9B-41D8-92E6-09F84712BCE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.2.0\", \"versionEndIncluding\": \"6.2.11\", \"matchCriteriaId\": \"67777F42-09E1-4651-807C-325A5F0D8A66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.4.0\", \"versionEndIncluding\": \"6.4.6\", \"matchCriteriaId\": \"D4EB03A2-7143-407C-B622-03E6AFAF6A78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A4E6379-A79E-4135-BAF1-D53E8F56798B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9CF421D9-54D7-47FB-AB11-A556BDB4A372\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndIncluding\": \"3.0.7\", \"matchCriteriaId\": \"7D1EE4D7-4087-4A4A-9171-F48B1C5915C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.1.0\", \"versionEndIncluding\": \"3.1.5\", \"matchCriteriaId\": \"2C47A3DB-A02A-488D-B0E1-867A19CE43B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.2.0\", \"versionEndIncluding\": \"3.2.4\", \"matchCriteriaId\": \"16BB4915-1330-45E5-887E-AD97C29F500B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisandbox:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"527BEC13-9EC9-44AB-9F02-C948BDC96558\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisandbox:4.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0260B512-77CA-4FE8-A039-D7B287A19BAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisandbox:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D6CCD1A-3412-4A55-88A8-40B227FB00BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisandbox:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51A80522-EBFC-4C3E-BF38-01453CC359F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.6.10\", \"versionEndIncluding\": \"5.6.14\", \"matchCriteriaId\": \"1728ED99-9A01-4819-B382-EDEF00F97B9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndIncluding\": \"6.0.17\", \"matchCriteriaId\": \"0135464C-532C-430D-A76C-2FCDE4C991D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.2.0\", \"versionEndIncluding\": \"6.2.15\", \"matchCriteriaId\": \"7916D6BB-838E-40A0-9C7F-FBE9ECBA0D99\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"An improper certificate validation vulnerability [CWE-295] in\\u00a0FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to\\u00a0man-in-the-middle the communication between the listed products and some external peers.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de validaci\\u00f3n de certificado incorrecta [CWE-295] en FortiManager v7.0.1 y versiones inferiores, v6.4.6 y versiones inferiores; FortiAnalyzer v7.0.2 y versiones inferiores, v6.4.7 y versiones inferiores; FortiOS v6.2.x y v6.0.x; FortiSandbox v4.0.x, 3.2.x y 3.1.x puede permitir a un atacante adyacente a la red y no autenticado interceder en la comunicaci\\u00f3n mediante la t\\u00e9cnica de man-in-the-middle entre los productos enumerados y algunos peers externos. \"}]", id: "CVE-2022-22305", lastModified: "2024-11-21T06:46:36.330", metrics: "{\"cvssMetricV31\": [{\"source\": \"psirt@fortinet.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 4.2, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 2.5}]}", published: "2023-09-01T12:15:08.363", references: "[{\"url\": \"https://fortiguard.com/psirt/FG-IR-18-292\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://fortiguard.com/psirt/FG-IR-18-292\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]", sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"psirt@fortinet.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-297\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-295\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2022-22305\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2023-09-01T12:15:08.363\",\"lastModified\":\"2024-11-21T06:46:36.330\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de validación de certificado incorrecta [CWE-295] en FortiManager v7.0.1 y versiones inferiores, v6.4.6 y versiones inferiores; FortiAnalyzer v7.0.2 y versiones inferiores, v6.4.7 y versiones inferiores; FortiOS v6.2.x y v6.0.x; FortiSandbox v4.0.x, 3.2.x y 3.1.x puede permitir a un atacante adyacente a la red y no autenticado interceder en la comunicación mediante la técnica de man-in-the-middle entre los productos enumerados y algunos peers externos. \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-297\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.0.12\",\"matchCriteriaId\":\"2318A6AC-AA3E-4604-968C-35A46E79FCB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.9\",\"versionEndIncluding\":\"6.4.7\",\"matchCriteriaId\":\"82AA3275-8A1D-43DA-880B-1EFFBD96C29D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7DC87E0-0C9F-4E65-B96E-7E91F71764AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80518C1A-60DB-4CC3-92ED-0C0BDCF2F1C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8619721-489F-4BE7-BBAC-7D07FB64A8EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.0.12\",\"matchCriteriaId\":\"8DFFD873-3F9B-41D8-92E6-09F84712BCE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndIncluding\":\"6.2.11\",\"matchCriteriaId\":\"67777F42-09E1-4651-807C-325A5F0D8A66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.0\",\"versionEndIncluding\":\"6.4.6\",\"matchCriteriaId\":\"D4EB03A2-7143-407C-B622-03E6AFAF6A78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A4E6379-A79E-4135-BAF1-D53E8F56798B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CF421D9-54D7-47FB-AB11-A556BDB4A372\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndIncluding\":\"3.0.7\",\"matchCriteriaId\":\"7D1EE4D7-4087-4A4A-9171-F48B1C5915C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.0\",\"versionEndIncluding\":\"3.1.5\",\"matchCriteriaId\":\"2C47A3DB-A02A-488D-B0E1-867A19CE43B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.2.0\",\"versionEndIncluding\":\"3.2.4\",\"matchCriteriaId\":\"16BB4915-1330-45E5-887E-AD97C29F500B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisandbox:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"527BEC13-9EC9-44AB-9F02-C948BDC96558\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisandbox:4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0260B512-77CA-4FE8-A039-D7B287A19BAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisandbox:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D6CCD1A-3412-4A55-88A8-40B227FB00BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisandbox:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51A80522-EBFC-4C3E-BF38-01453CC359F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.6.10\",\"versionEndIncluding\":\"5.6.14\",\"matchCriteriaId\":\"1728ED99-9A01-4819-B382-EDEF00F97B9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.0.17\",\"matchCriteriaId\":\"0135464C-532C-430D-A76C-2FCDE4C991D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndIncluding\":\"6.2.15\",\"matchCriteriaId\":\"7916D6BB-838E-40A0-9C7F-FBE9ECBA0D99\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/psirt/FG-IR-18-292\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://fortiguard.com/psirt/FG-IR-18-292\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", vulnrichment: { containers: "{\"cna\": {\"affected\": [{\"vendor\": \"Fortinet\", \"product\": \"FortiAnalyzer\", \"defaultStatus\": \"unaffected\", \"versions\": [{\"versionType\": \"semver\", \"version\": \"7.0.0\", \"lessThanOrEqual\": \"7.0.2\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"6.4.0\", \"lessThanOrEqual\": \"6.4.7\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"6.2.0\", \"lessThanOrEqual\": \"6.2.11\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"6.0.0\", \"lessThanOrEqual\": \"6.0.12\", \"status\": \"affected\"}]}, {\"vendor\": \"Fortinet\", \"product\": \"FortiSandbox\", \"defaultStatus\": \"unaffected\", \"versions\": [{\"versionType\": \"semver\", \"version\": \"4.0.0\", \"lessThanOrEqual\": \"4.0.2\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"3.2.0\", \"lessThanOrEqual\": \"3.2.4\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"3.1.0\", \"lessThanOrEqual\": \"3.1.5\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"3.0.0\", \"lessThanOrEqual\": \"3.0.7\", \"status\": \"affected\"}]}, {\"vendor\": \"Fortinet\", \"product\": \"FortiManager\", \"defaultStatus\": \"unaffected\", \"versions\": [{\"versionType\": \"semver\", \"version\": \"7.0.0\", \"lessThanOrEqual\": \"7.0.1\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"6.4.0\", \"lessThanOrEqual\": \"6.4.6\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"6.2.0\", \"lessThanOrEqual\": \"6.2.11\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"6.0.0\", \"lessThanOrEqual\": \"6.0.12\", \"status\": \"affected\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An improper certificate validation vulnerability [CWE-295] in\\u00a0FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to\\u00a0man-in-the-middle the communication between the listed products and some external peers.\"}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2023-09-01T11:43:03.878Z\"}, \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"cweId\": \"CWE-297\", \"description\": \"Information disclosure\", \"type\": \"CWE\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"attackComplexity\": \"LOW\", \"attackVector\": \"ADJACENT_NETWORK\", \"availabilityImpact\": \"NONE\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C\"}}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiManager\\u00a0version 7.0.2\\u00a0or above.\\r\\nPlease upgrade to FortiManager\\u00a0version 6.4.7\\u00a0or above.\\n\\r\\nPlease upgrade to FortiAnalyzer version 7.0.3\\u00a0or above.\\r\\nPlease upgrade to\\u00a0FortiAnalyzer version 6.4.8\\u00a0or above.\\n\\r\\nPlease upgrade to FortiSandbox version 4.2.0 or above\\u00a0\\n\\r\\n\\u00a0\"}], \"references\": [{\"name\": \"https://fortiguard.com/psirt/FG-IR-18-292\", \"url\": \"https://fortiguard.com/psirt/FG-IR-18-292\"}]}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T03:07:50.194Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"https://fortiguard.com/psirt/FG-IR-18-292\", \"url\": \"https://fortiguard.com/psirt/FG-IR-18-292\", \"tags\": [\"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-22305\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-27T18:01:39.754816Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-27T18:37:52.669Z\"}}]}", cveMetadata: "{\"cveId\": \"CVE-2022-22305\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"fortinet\", \"dateReserved\": \"2022-01-03T09:39:36.530Z\", \"datePublished\": \"2023-09-01T11:43:03.878Z\", \"dateUpdated\": \"2024-09-27T18:40:07.999Z\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.