cvelistv5 - cve-2022-26117

CVE-2022-26117 (GCVE-0-2022-26117)

Vulnerability from cvelistv5 – Published: 2022-07-18 00:00 – Updated: 2024-10-25 13:31

Summary

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

CWE

Execute unauthorized code or commands

Assigner

fortinet

References

URL

Tags

	https://github.com/orangecertcc/security-research…
	https://fortiguard.com/psirt/FG-IR-22-058

Impacted products

	Vendor	Product	Version
	Fortinet	Fortinet FortiNAC	Affected: FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:37.812Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-22-058"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-26117",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:12:35.607605Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:31:44.796Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiNAC",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "REASONABLE",
            "scope": "UNCHANGED",
            "temporalScore": 8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47"
        },
        {
          "url": "https://fortiguard.com/psirt/FG-IR-22-058"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-26117",
    "datePublished": "2022-07-18T00:00:00",
    "dateReserved": "2022-02-25T00:00:00",
    "dateUpdated": "2024-10-25T13:31:44.796Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.5.0\", \"versionEndIncluding\": \"8.5.2\", \"matchCriteriaId\": \"9B25CF57-8771-436D-8B57-EE67D9F47570\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.6.2\", \"versionEndIncluding\": \"8.6.5\", \"matchCriteriaId\": \"81E4D361-D753-4931-83A7-9085A1B74425\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.7.0\", \"versionEndIncluding\": \"8.7.6\", \"matchCriteriaId\": \"3BD32B25-76B4-4D6E-BB5C-065070297058\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.8.0\", \"versionEndIncluding\": \"8.8.11\", \"matchCriteriaId\": \"46929BE3-0396-4B8A-9889-9F6CA73FAD4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.1.0\", \"versionEndExcluding\": \"9.1.6\", \"matchCriteriaId\": \"5D6DF60A-302A-4602-9DA3-282177BB31DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.2.0\", \"versionEndExcluding\": \"9.2.4\", \"matchCriteriaId\": \"6784AAA4-8FE1-4AEA-A9F1-8489FCF78301\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"952F266E-0E48-4D69-81E0-9F813B60AC3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortinac:8.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"374069A0-1A0D-45B7-B59D-DA3AA3855444\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortinac:8.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11F0FBF-985B-4053-9B16-AA7173BCCC21\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de contrase\\u00f1a vac\\u00eda en el archivo de configuraci\\u00f3n [CWE-258] en FortiNAC versiones 8.3.7 y anteriores, 8.5.2 y anteriores, 8.5.4, 8.6.0, 8.6.5 y anteriores, 8.7.6 y anteriores, 8.8.11 y anteriores, 9.1.5 y anteriores, 9.2.3 y anteriores puede permitir a un atacante autenticado acceder a las bases de datos MySQL por medio de la CLI\"}]",
      "id": "CVE-2022-26117",
      "lastModified": "2024-11-21T06:53:27.890",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@fortinet.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2022-07-18T18:15:09.017",
      "references": "[{\"url\": \"https://fortiguard.com/psirt/FG-IR-22-058\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://fortiguard.com/psirt/FG-IR-22-058\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "psirt@fortinet.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-521\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-26117\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2022-07-18T18:15:09.017\",\"lastModified\":\"2024-11-21T06:53:27.890\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de contrase\u00f1a vac\u00eda en el archivo de configuraci\u00f3n [CWE-258] en FortiNAC versiones 8.3.7 y anteriores, 8.5.2 y anteriores, 8.5.4, 8.6.0, 8.6.5 y anteriores, 8.7.6 y anteriores, 8.8.11 y anteriores, 9.1.5 y anteriores, 9.2.3 y anteriores puede permitir a un atacante autenticado acceder a las bases de datos MySQL por medio de la CLI\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-521\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.0\",\"versionEndIncluding\":\"8.5.2\",\"matchCriteriaId\":\"9B25CF57-8771-436D-8B57-EE67D9F47570\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.6.2\",\"versionEndIncluding\":\"8.6.5\",\"matchCriteriaId\":\"81E4D361-D753-4931-83A7-9085A1B74425\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.7.0\",\"versionEndIncluding\":\"8.7.6\",\"matchCriteriaId\":\"3BD32B25-76B4-4D6E-BB5C-065070297058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.8.0\",\"versionEndIncluding\":\"8.8.11\",\"matchCriteriaId\":\"46929BE3-0396-4B8A-9889-9F6CA73FAD4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.1.0\",\"versionEndExcluding\":\"9.1.6\",\"matchCriteriaId\":\"5D6DF60A-302A-4602-9DA3-282177BB31DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.2.0\",\"versionEndExcluding\":\"9.2.4\",\"matchCriteriaId\":\"6784AAA4-8FE1-4AEA-A9F1-8489FCF78301\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"952F266E-0E48-4D69-81E0-9F813B60AC3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinac:8.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"374069A0-1A0D-45B7-B59D-DA3AA3855444\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinac:8.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11F0FBF-985B-4053-9B16-AA7173BCCC21\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/psirt/FG-IR-22-058\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://fortiguard.com/psirt/FG-IR-22-058\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://fortiguard.com/psirt/FG-IR-22-058\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T04:56:37.812Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-26117\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-23T14:12:35.607605Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-23T14:16:16.045Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R\", \"temporalScore\": 8, \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"remediationLevel\": \"NOT_DEFINED\", \"reportConfidence\": \"REASONABLE\", \"temporalSeverity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"exploitCodeMaturity\": \"PROOF_OF_CONCEPT\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Fortinet\", \"product\": \"Fortinet FortiNAC\", \"versions\": [{\"status\": \"affected\", \"version\": \"FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below.\"}]}], \"references\": [{\"url\": \"https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47\"}, {\"url\": \"https://fortiguard.com/psirt/FG-IR-22-058\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Execute unauthorized code or commands\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2023-01-30T00:00:00\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-26117\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-25T13:31:44.796Z\", \"dateReserved\": \"2022-02-25T00:00:00\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2022-07-18T00:00:00\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

VAR-202207-0114

Vulnerability from variot - Updated: 2023-12-18 12:15

An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. FortiNAC contains a weak password requirement vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability that stems from the fact that the root account accessing the MySQL database does not have a password set by default and allows connections from localhost. An attacker exploited this vulnerability to connect to a MySQL database as root. There is a security vulnerability in Fortinet FortiNAC

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0114",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortinac",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "8.5.2"
      },
      {
        "model": "fortinac",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "8.8.0"
      },
      {
        "model": "fortinac",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "9.1.6"
      },
      {
        "model": "fortinac",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "9.2.4"
      },
      {
        "model": "fortinac",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "9.1.0"
      },
      {
        "model": "fortinac",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "8.6.5"
      },
      {
        "model": "fortinac",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "9.2.0"
      },
      {
        "model": "fortinac",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "8.5.4"
      },
      {
        "model": "fortinac",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "8.6.0"
      },
      {
        "model": "fortinac",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "8.5.0"
      },
      {
        "model": "fortinac",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "8.3.7"
      },
      {
        "model": "fortinac",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "8.7.6"
      },
      {
        "model": "fortinac",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "8.7.0"
      },
      {
        "model": "fortinac",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "8.6.2"
      },
      {
        "model": "fortinac",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "8.8.11"
      },
      {
        "model": "fortinac",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "8.8.11  and earlier"
      },
      {
        "model": "fortinac",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "9.1.5  and earlier"
      },
      {
        "model": "fortinac",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "8.7.6  and earlier"
      },
      {
        "model": "fortinac",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "8.6.0"
      },
      {
        "model": "fortinac",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortinac",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "9.2.3  and earlier"
      },
      {
        "model": "fortinac",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "8.5.4"
      },
      {
        "model": "fortinac",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "8.3.7  and earlier"
      },
      {
        "model": "fortinac",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "8.5.2  and earlier"
      },
      {
        "model": "fortinac",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "8.6.5  and earlier"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015258"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26117"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.5.2",
                "versionStartIncluding": "8.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.8.11",
                "versionStartIncluding": "8.8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.7.6",
                "versionStartIncluding": "8.7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.6.5",
                "versionStartIncluding": "8.6.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.6",
                "versionStartIncluding": "9.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.4",
                "versionStartIncluding": "9.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-26117"
      }
    ]
  },
  "cve": "CVE-2022-26117",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-015258",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-26117",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2022-26117",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2022-015258",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202207-383",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015258"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26117"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-383"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. FortiNAC contains a weak password requirement vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. \nFortinet FortiNAC has a security vulnerability that stems from the fact that the root account accessing the MySQL database does not have a password set by default and allows connections from localhost. An attacker exploited this vulnerability to connect to a MySQL database as root. There is a security vulnerability in Fortinet FortiNAC",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-26117"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-383"
      },
      {
        "db": "VULHUB",
        "id": "VHN-416878"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-26117",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015258",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-383",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3268",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022070529",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-416878",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-416878"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015258"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-383"
      }
    ]
  },
  "id": "VAR-202207-0114",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-416878"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:15:31.842000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-22-058",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/fg-ir-22-058"
      },
      {
        "title": "Fortinet FortiNAC Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=201341"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-383"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-521",
        "trust": 1.1
      },
      {
        "problemtype": "Weak password request (CWE-521) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-416878"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015258"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26117"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/psirt/fg-ir-22-058"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/orangecertcc/security-research/security/advisories/ghsa-r259-5p5p-2q47"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26117"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-26117/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022070529"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3268"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-416878"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015258"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-383"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-416878"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015258"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-383"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-416878"
      },
      {
        "date": "2023-09-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-015258"
      },
      {
        "date": "2022-07-18T18:15:09.017000",
        "db": "NVD",
        "id": "CVE-2022-26117"
      },
      {
        "date": "2022-07-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-383"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-416878"
      },
      {
        "date": "2023-09-26T05:07:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-015258"
      },
      {
        "date": "2023-02-16T19:28:48.090000",
        "db": "NVD",
        "id": "CVE-2022-26117"
      },
      {
        "date": "2023-02-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-383"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-383"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiNAC\u00a0 Vulnerability in requesting weak passwords in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015258"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-383"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2022-26117

Vulnerability from fkie_nvd - Published: 2022-07-18 18:15 - Updated: 2024-11-21 06:53

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@fortinet.com	https://fortiguard.com/psirt/FG-IR-22-058	Patch, Vendor Advisory
psirt@fortinet.com	https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/psirt/FG-IR-22-058	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47	Third Party Advisory

Impacted products

Vendor	Product	Version
fortinet	fortinac	*
fortinet	fortinac	*
fortinet	fortinac	*
fortinet	fortinac	*
fortinet	fortinac	*
fortinet	fortinac	*
fortinet	fortinac	8.3.7
fortinet	fortinac	8.5.4
fortinet	fortinac	8.6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B25CF57-8771-436D-8B57-EE67D9F47570",
              "versionEndIncluding": "8.5.2",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "81E4D361-D753-4931-83A7-9085A1B74425",
              "versionEndIncluding": "8.6.5",
              "versionStartIncluding": "8.6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD32B25-76B4-4D6E-BB5C-065070297058",
              "versionEndIncluding": "8.7.6",
              "versionStartIncluding": "8.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46929BE3-0396-4B8A-9889-9F6CA73FAD4E",
              "versionEndIncluding": "8.8.11",
              "versionStartIncluding": "8.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D6DF60A-302A-4602-9DA3-282177BB31DC",
              "versionEndExcluding": "9.1.6",
              "versionStartIncluding": "9.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6784AAA4-8FE1-4AEA-A9F1-8489FCF78301",
              "versionEndExcluding": "9.2.4",
              "versionStartIncluding": "9.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "952F266E-0E48-4D69-81E0-9F813B60AC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortinac:8.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "374069A0-1A0D-45B7-B59D-DA3AA3855444",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortinac:8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11F0FBF-985B-4053-9B16-AA7173BCCC21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de contrase\u00f1a vac\u00eda en el archivo de configuraci\u00f3n [CWE-258] en FortiNAC versiones 8.3.7 y anteriores, 8.5.2 y anteriores, 8.5.4, 8.6.0, 8.6.5 y anteriores, 8.7.6 y anteriores, 8.8.11 y anteriores, 9.1.5 y anteriores, 9.2.3 y anteriores puede permitir a un atacante autenticado acceder a las bases de datos MySQL por medio de la CLI"
    }
  ],
  "id": "CVE-2022-26117",
  "lastModified": "2024-11-21T06:53:27.890",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-18T18:15:09.017",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-22-058"
    },
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-22-058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-521"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2022-AVI-613

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS versions 6.x antérieures à 6.2.11
Fortinet	FortiEDR Central Manager	FortiEDR Central Manager versions 5.1.x antérieures à 5.2.0
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.4
Fortinet	FortiSwitch	FortiSwitch versions 7.0.x antérieures à 7.0.3
Fortinet	FortiNAC	FortiNAC versions antérieures à 9.1.6
Fortinet	FortiManager	FortiManager versions 6.x antérieures à 6.4.8
Fortinet	FortiEDR Central Manager	FortiEDR Central Manager version 5.1.0
Fortinet	N/A	FortiClientWindows versions 7.0.x antérieures à 7.0.3
Fortinet	FortiRecorder	FortiRecorder versions antérieures à 6.0.11
Fortinet	FortiEDR Central Manager	FortiEDR Central Manager versions 5.0.x antérieures à 5.0.3 Patch 7
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.1
Fortinet	FortiRecorder	FortiRecorder versions antérieures à 6.4.3
Fortinet	FortiADC	FortiADC versions 7.0.x antérieures à 7.0.2
Fortinet	FortiADC	FortiADC versions antérieures à 6.2.3
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.6
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.4
Fortinet	N/A	FortiVoiceEnterprise versions 6.4.x antérieures à 6.4.4
Fortinet	FortiDeceptor	FortiDeceptor versions antérieures à 3.3.3
Fortinet	FortiSwitch	FortiSwitch versions antérieures à 6.4.10
Fortinet	N/A	FortiClientWindows versions 6.x antérieures à 6.4.7
Fortinet	FortiOS	FortiOS versions 6.4.x antérieures à 6.4.9
Fortinet	N/A	FortiVoiceEnterprise versions antérieures à 6.0.11
Fortinet	FortiNAC	FortiNAC versions 9.2.x antérieures à 9.2.4
Fortinet	FortiProxy	FortiProxy versions antérieures à 2.0.9
Fortinet	FortiDeceptor	FortiDeceptor versions 4.0.x antérieures à 4.0.2
Fortinet	FortiGate	FortiGate versions antérieures à 7.0.6
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.x antérieures à 6.4.8

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-21-155 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-051 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-057 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-056 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-213 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-190 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-179 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-058 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-049 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-077 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-206 du 05 juillet 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions 6.x ant\u00e9rieures \u00e0 6.2.11",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDR Central Manager versions 5.1.x ant\u00e9rieures \u00e0 5.2.0",
      "product": {
        "name": "FortiEDR Central Manager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions ant\u00e9rieures \u00e0 9.1.6",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDR Central Manager version 5.1.0",
      "product": {
        "name": "FortiEDR Central Manager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 6.0.11",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDR Central Manager versions 5.0.x ant\u00e9rieures \u00e0 5.0.3 Patch 7",
      "product": {
        "name": "FortiEDR Central Manager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 6.4.3",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions 6.4.x ant\u00e9rieures \u00e0 6.4.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 3.3.3",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 6.x ant\u00e9rieures \u00e0 6.4.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions ant\u00e9rieures \u00e0 6.0.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 2.0.9",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions 4.0.x ant\u00e9rieures \u00e0 4.0.2",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiGate versions ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-42755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42755"
    },
    {
      "name": "CVE-2021-44170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44170"
    },
    {
      "name": "CVE-2021-43072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43072"
    },
    {
      "name": "CVE-2022-26117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26117"
    },
    {
      "name": "CVE-2022-30302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30302"
    },
    {
      "name": "CVE-2022-29057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29057"
    },
    {
      "name": "CVE-2022-26118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26118"
    },
    {
      "name": "CVE-2022-27483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27483"
    },
    {
      "name": "CVE-2021-41031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41031"
    },
    {
      "name": "CVE-2022-26120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26120"
    },
    {
      "name": "CVE-2022-23438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23438"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-613",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-07-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-155 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-155"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-051 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-051"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-057 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-057"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-056 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-056"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-213 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-213"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-190 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-190"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-179 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-179"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-058 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-058"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-049 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-049"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-077 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-077"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-206 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-206"
    }
  ]
}

CERTFR-2022-AVI-613

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS versions 6.x antérieures à 6.2.11
Fortinet	FortiEDR Central Manager	FortiEDR Central Manager versions 5.1.x antérieures à 5.2.0
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.4
Fortinet	FortiSwitch	FortiSwitch versions 7.0.x antérieures à 7.0.3
Fortinet	FortiNAC	FortiNAC versions antérieures à 9.1.6
Fortinet	FortiManager	FortiManager versions 6.x antérieures à 6.4.8
Fortinet	FortiEDR Central Manager	FortiEDR Central Manager version 5.1.0
Fortinet	N/A	FortiClientWindows versions 7.0.x antérieures à 7.0.3
Fortinet	FortiRecorder	FortiRecorder versions antérieures à 6.0.11
Fortinet	FortiEDR Central Manager	FortiEDR Central Manager versions 5.0.x antérieures à 5.0.3 Patch 7
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.1
Fortinet	FortiRecorder	FortiRecorder versions antérieures à 6.4.3
Fortinet	FortiADC	FortiADC versions 7.0.x antérieures à 7.0.2
Fortinet	FortiADC	FortiADC versions antérieures à 6.2.3
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.6
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.4
Fortinet	N/A	FortiVoiceEnterprise versions 6.4.x antérieures à 6.4.4
Fortinet	FortiDeceptor	FortiDeceptor versions antérieures à 3.3.3
Fortinet	FortiSwitch	FortiSwitch versions antérieures à 6.4.10
Fortinet	N/A	FortiClientWindows versions 6.x antérieures à 6.4.7
Fortinet	FortiOS	FortiOS versions 6.4.x antérieures à 6.4.9
Fortinet	N/A	FortiVoiceEnterprise versions antérieures à 6.0.11
Fortinet	FortiNAC	FortiNAC versions 9.2.x antérieures à 9.2.4
Fortinet	FortiProxy	FortiProxy versions antérieures à 2.0.9
Fortinet	FortiDeceptor	FortiDeceptor versions 4.0.x antérieures à 4.0.2
Fortinet	FortiGate	FortiGate versions antérieures à 7.0.6
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.x antérieures à 6.4.8

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-21-155 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-051 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-057 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-056 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-213 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-190 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-179 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-058 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-049 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-077 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-206 du 05 juillet 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions 6.x ant\u00e9rieures \u00e0 6.2.11",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDR Central Manager versions 5.1.x ant\u00e9rieures \u00e0 5.2.0",
      "product": {
        "name": "FortiEDR Central Manager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions ant\u00e9rieures \u00e0 9.1.6",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDR Central Manager version 5.1.0",
      "product": {
        "name": "FortiEDR Central Manager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 6.0.11",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDR Central Manager versions 5.0.x ant\u00e9rieures \u00e0 5.0.3 Patch 7",
      "product": {
        "name": "FortiEDR Central Manager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 6.4.3",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions 6.4.x ant\u00e9rieures \u00e0 6.4.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 3.3.3",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 6.x ant\u00e9rieures \u00e0 6.4.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions ant\u00e9rieures \u00e0 6.0.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 2.0.9",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions 4.0.x ant\u00e9rieures \u00e0 4.0.2",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiGate versions ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-42755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42755"
    },
    {
      "name": "CVE-2021-44170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44170"
    },
    {
      "name": "CVE-2021-43072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43072"
    },
    {
      "name": "CVE-2022-26117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26117"
    },
    {
      "name": "CVE-2022-30302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30302"
    },
    {
      "name": "CVE-2022-29057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29057"
    },
    {
      "name": "CVE-2022-26118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26118"
    },
    {
      "name": "CVE-2022-27483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27483"
    },
    {
      "name": "CVE-2021-41031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41031"
    },
    {
      "name": "CVE-2022-26120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26120"
    },
    {
      "name": "CVE-2022-23438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23438"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-613",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-07-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-155 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-155"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-051 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-051"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-057 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-057"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-056 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-056"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-213 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-213"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-190 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-190"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-179 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-179"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-058 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-058"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-049 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-049"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-077 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-077"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-206 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-206"
    }
  ]
}

GSD-2022-26117

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-26117

Aliases

CVE-2022-26117

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-26117",
    "description": "An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI.",
    "id": "GSD-2022-26117"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-26117"
      ],
      "details": "An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI.",
      "id": "GSD-2022-26117",
      "modified": "2023-12-13T01:19:39.054448Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@fortinet.com",
        "ID": "CVE-2022-26117",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Fortinet FortiNAC",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below."
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fortinet"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "REASONABLE",
            "scope": "UNCHANGED",
            "temporalScore": 8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Execute unauthorized code or commands"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47",
            "refsource": "MISC",
            "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47"
          },
          {
            "name": "https://fortiguard.com/psirt/FG-IR-22-058",
            "refsource": "MISC",
            "url": "https://fortiguard.com/psirt/FG-IR-22-058"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.5.2",
                "versionStartIncluding": "8.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.8.11",
                "versionStartIncluding": "8.8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.7.6",
                "versionStartIncluding": "8.7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.6.5",
                "versionStartIncluding": "8.6.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.6",
                "versionStartIncluding": "9.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.4",
                "versionStartIncluding": "9.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2022-26117"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-521"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-22-058",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://fortiguard.com/psirt/FG-IR-22-058"
            },
            {
              "name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-02-16T19:28Z",
      "publishedDate": "2022-07-18T18:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-26117 (GCVE-0-2022-26117)

VAR-202207-0114

FKIE_CVE-2022-26117

CERTFR-2022-AVI-613

Solution

CERTFR-2022-AVI-613

Solution

GSD-2022-26117

Tags

Sightings

Nomenclature