cvelistv5 - cve-2022-38377

CVE-2022-38377 (GCVE-0-2022-38377)

Vulnerability from cvelistv5 – Published: 2022-11-25 15:47 – Updated: 2024-10-22 20:52

Summary

An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.

Severity ?

4.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C

CWE

CWE-284 - Improper access control

Assigner

fortinet

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-20-143

Impacted products

Vendor

Product

Version

Fortinet

FortiManager

Affected: 7.2.0
Affected: 7.0.0 , ≤ 7.0.3 (semver)
Affected: 6.4.0 , ≤ 6.4.8 (semver)
Affected: 6.2.0 , ≤ 6.2.9 (semver)
Affected: 6.0.0 , ≤ 6.0.11 (semver)

Fortinet

FortiAnalyzer

Affected: 7.2.0
Affected: 7.0.0 , ≤ 7.0.3 (semver)
Affected: 6.4.0 , ≤ 6.4.8 (semver)
Affected: 6.2.0 , ≤ 6.2.9 (semver)
Affected: 6.0.0 , ≤ 6.0.11 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:54:03.674Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-20-143",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-20-143"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-38377",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:18:55.318018Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:52:08.654Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.9",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.11",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.9",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.11",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-25T15:47:41.422Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-20-143",
          "url": "https://fortiguard.com/psirt/FG-IR-20-143"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.2.1 or above\r\nPlease upgrade to FortiManager version 7.0.4 or above\r\nPlease upgrade to FortiManager version 6.4.8 or above\n\r\nPlease upgrade to FortiAnalyzer version 7.2.1 or above\r\nPlease upgrade to\u00a0FortiAnalyzer version 7.0.4 or above\r\nPlease upgrade to\u00a0FortiAnalyzer version 6.4.9 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-38377",
    "datePublished": "2022-11-25T15:47:41.422Z",
    "dateReserved": "2022-08-16T14:17:48.479Z",
    "dateUpdated": "2024-10-22T20:52:08.654Z",
    "requesterUserId": "a0475cc0-be89-4a25-97b3-d1b8023a8677",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndIncluding\": \"6.0.12\", \"matchCriteriaId\": \"2318A6AC-AA3E-4604-968C-35A46E79FCB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.2.0\", \"versionEndIncluding\": \"6.2.10\", \"matchCriteriaId\": \"5E816164-8C08-4BF7-863B-112076AB6AE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.4.0\", \"versionEndIncluding\": \"6.4.8\", \"matchCriteriaId\": \"19769C95-B563-476D-A4B3-6C317294F1E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndIncluding\": \"7.0.3\", \"matchCriteriaId\": \"42D096D2-1FCB-43A6-8CF3-3226F631BAC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"319D2F9D-E1E5-49C7-8ABD-0A64D7B05D58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndIncluding\": \"6.0.11\", \"matchCriteriaId\": \"FD729EF3-1665-4CE7-9FDD-450D5F79A2B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.2.0\", \"versionEndIncluding\": \"6.2.9\", \"matchCriteriaId\": \"7D79F4BE-B6BB-414A-A132-D3650B2B5B4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.4.0\", \"versionEndIncluding\": \"6.4.7\", \"matchCriteriaId\": \"105F23CF-6375-402E-A2ED-9827510196EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndIncluding\": \"7.0.3\", \"matchCriteriaId\": \"AA4F8D67-139F-4524-88D4-B32A1580BFBE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"407755AA-0C23-4C5B-88A2-8BC12A3D268D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de control de acceso inadecuado [CWE-284] en FortiManager 7.2.0, 7.0.0 a 7.0.3, 6.4.0 a 6.4.7, 6.2.0 a 6.2.9, 6.0.0 a 6.0.11 y FortiAnalyzer 7.2 .0, 7.0.0 a 7.0.3, 6.4.0 a 6.4.8, 6.2.0 a 6.2.10, 6.0.0 a 6.0.12 pueden permitir que un usuario administrador remoto y autenticado asignado a un ADOM espec\\u00edfico acceda a otros ADOM de informaci\\u00f3n, como informaci\\u00f3n del dispositivo e informaci\\u00f3n del panel.\"}]",
      "id": "CVE-2022-38377",
      "lastModified": "2024-11-21T07:16:21.223",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@fortinet.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 2.7, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 1.4}]}",
      "published": "2022-11-25T16:15:10.747",
      "references": "[{\"url\": \"https://fortiguard.com/psirt/FG-IR-20-143\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://fortiguard.com/psirt/FG-IR-20-143\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@fortinet.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@fortinet.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-38377\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2022-11-25T16:15:10.747\",\"lastModified\":\"2024-11-21T07:16:21.223\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de control de acceso inadecuado [CWE-284] en FortiManager 7.2.0, 7.0.0 a 7.0.3, 6.4.0 a 6.4.7, 6.2.0 a 6.2.9, 6.0.0 a 6.0.11 y FortiAnalyzer 7.2 .0, 7.0.0 a 7.0.3, 6.4.0 a 6.4.8, 6.2.0 a 6.2.10, 6.0.0 a 6.0.12 pueden permitir que un usuario administrador remoto y autenticado asignado a un ADOM espec\u00edfico acceda a otros ADOM de informaci\u00f3n, como informaci\u00f3n del dispositivo e informaci\u00f3n del panel.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":2.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.0.12\",\"matchCriteriaId\":\"2318A6AC-AA3E-4604-968C-35A46E79FCB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndIncluding\":\"6.2.10\",\"matchCriteriaId\":\"5E816164-8C08-4BF7-863B-112076AB6AE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.0\",\"versionEndIncluding\":\"6.4.8\",\"matchCriteriaId\":\"19769C95-B563-476D-A4B3-6C317294F1E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.0.3\",\"matchCriteriaId\":\"42D096D2-1FCB-43A6-8CF3-3226F631BAC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"319D2F9D-E1E5-49C7-8ABD-0A64D7B05D58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.0.11\",\"matchCriteriaId\":\"FD729EF3-1665-4CE7-9FDD-450D5F79A2B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndIncluding\":\"6.2.9\",\"matchCriteriaId\":\"7D79F4BE-B6BB-414A-A132-D3650B2B5B4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.0\",\"versionEndIncluding\":\"6.4.7\",\"matchCriteriaId\":\"105F23CF-6375-402E-A2ED-9827510196EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.0.3\",\"matchCriteriaId\":\"AA4F8D67-139F-4524-88D4-B32A1580BFBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"407755AA-0C23-4C5B-88A2-8BC12A3D268D\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/psirt/FG-IR-20-143\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://fortiguard.com/psirt/FG-IR-20-143\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"vendor\": \"Fortinet\", \"product\": \"FortiManager\", \"defaultStatus\": \"unaffected\", \"versions\": [{\"version\": \"7.2.0\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"7.0.0\", \"lessThanOrEqual\": \"7.0.3\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"6.4.0\", \"lessThanOrEqual\": \"6.4.8\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"6.2.0\", \"lessThanOrEqual\": \"6.2.9\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"6.0.0\", \"lessThanOrEqual\": \"6.0.11\", \"status\": \"affected\"}]}, {\"vendor\": \"Fortinet\", \"product\": \"FortiAnalyzer\", \"defaultStatus\": \"unaffected\", \"versions\": [{\"version\": \"7.2.0\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"7.0.0\", \"lessThanOrEqual\": \"7.0.3\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"6.4.0\", \"lessThanOrEqual\": \"6.4.8\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"6.2.0\", \"lessThanOrEqual\": \"6.2.9\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"6.0.0\", \"lessThanOrEqual\": \"6.0.11\", \"status\": \"affected\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.\"}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2022-11-25T15:47:41.422Z\"}, \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"cweId\": \"CWE-284\", \"description\": \"Improper access control\", \"type\": \"CWE\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"NONE\", \"baseScore\": 4.1, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C\"}}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiManager version 7.2.1 or above\\r\\nPlease upgrade to FortiManager version 7.0.4 or above\\r\\nPlease upgrade to FortiManager version 6.4.8 or above\\n\\r\\nPlease upgrade to FortiAnalyzer version 7.2.1 or above\\r\\nPlease upgrade to\\u00a0FortiAnalyzer version 7.0.4 or above\\r\\nPlease upgrade to\\u00a0FortiAnalyzer version 6.4.9 or above\"}], \"references\": [{\"name\": \"https://fortiguard.com/psirt/FG-IR-20-143\", \"url\": \"https://fortiguard.com/psirt/FG-IR-20-143\"}]}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T10:54:03.674Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"https://fortiguard.com/psirt/FG-IR-20-143\", \"url\": \"https://fortiguard.com/psirt/FG-IR-20-143\", \"tags\": [\"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-38377\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-22T20:18:55.318018Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-22T20:21:11.935Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-38377\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"fortinet\", \"requesterUserId\": \"a0475cc0-be89-4a25-97b3-d1b8023a8677\", \"dateReserved\": \"2022-08-16T14:17:48.479Z\", \"datePublished\": \"2022-11-25T15:47:41.422Z\", \"dateUpdated\": \"2024-10-22T20:52:08.654Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2022-38377

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-38377

Aliases

CVE-2022-38377

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-38377",
    "description": "An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.",
    "id": "GSD-2022-38377"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-38377"
      ],
      "details": "An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.",
      "id": "GSD-2022-38377",
      "modified": "2023-12-13T01:19:22.532229Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@fortinet.com",
        "ID": "CVE-2022-38377",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "FortiManager",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "7.2.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.0.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.4.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.2.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.0.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "FortiAnalyzer",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "7.2.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.0.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.4.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.2.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.0.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fortinet"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-284",
                "lang": "eng",
                "value": "Improper access control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-20-143",
            "refsource": "MISC",
            "url": "https://fortiguard.com/psirt/FG-IR-20-143"
          }
        ]
      },
      "solution": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.2.1 or above\r\nPlease upgrade to FortiManager version 7.0.4 or above\r\nPlease upgrade to FortiManager version 6.4.8 or above\n\r\nPlease upgrade to FortiAnalyzer version 7.2.1 or above\r\nPlease upgrade to\u00a0FortiAnalyzer version 7.0.4 or above\r\nPlease upgrade to\u00a0FortiAnalyzer version 6.4.9 or above"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.11",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.7",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.9",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.3",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.3",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.8",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.12",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.10",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2022-38377"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-20-143",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://fortiguard.com/psirt/FG-IR-20-143"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2022-12-01T13:28Z",
      "publishedDate": "2022-11-25T16:15Z"
    }
  }
}

GHSA-9F3Q-2P9H-QMQ9

Vulnerability from github – Published: 2022-11-25 18:30 – Updated: 2022-12-01 15:30

Details

Severity ?

2.7 (Low)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-38377"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-25T16:15:00Z",
    "severity": "LOW"
  },
  "details": "An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.",
  "id": "GHSA-9f3q-2p9h-qmq9",
  "modified": "2022-12-01T15:30:20Z",
  "published": "2022-11-25T18:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38377"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/psirt/FG-IR-20-143"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2022-38377

Vulnerability from fkie_nvd - Published: 2022-11-25 16:15 - Updated: 2024-11-21 07:16

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Summary

References

	URL	Tags
	psirt@fortinet.com	https://fortiguard.com/psirt/FG-IR-20-143	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/psirt/FG-IR-20-143	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortianalyzer	*
fortinet	fortianalyzer	*
fortinet	fortianalyzer	*
fortinet	fortianalyzer	*
fortinet	fortianalyzer	7.2.0
fortinet	fortimanager	*
fortinet	fortimanager	*
fortinet	fortimanager	*
fortinet	fortimanager	*
fortinet	fortimanager	7.2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2318A6AC-AA3E-4604-968C-35A46E79FCB8",
              "versionEndIncluding": "6.0.12",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E816164-8C08-4BF7-863B-112076AB6AE2",
              "versionEndIncluding": "6.2.10",
              "versionStartIncluding": "6.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19769C95-B563-476D-A4B3-6C317294F1E9",
              "versionEndIncluding": "6.4.8",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42D096D2-1FCB-43A6-8CF3-3226F631BAC4",
              "versionEndIncluding": "7.0.3",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "319D2F9D-E1E5-49C7-8ABD-0A64D7B05D58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD729EF3-1665-4CE7-9FDD-450D5F79A2B9",
              "versionEndIncluding": "6.0.11",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D79F4BE-B6BB-414A-A132-D3650B2B5B4F",
              "versionEndIncluding": "6.2.9",
              "versionStartIncluding": "6.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "105F23CF-6375-402E-A2ED-9827510196EA",
              "versionEndIncluding": "6.4.7",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA4F8D67-139F-4524-88D4-B32A1580BFBE",
              "versionEndIncluding": "7.0.3",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "407755AA-0C23-4C5B-88A2-8BC12A3D268D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de control de acceso inadecuado [CWE-284] en FortiManager 7.2.0, 7.0.0 a 7.0.3, 6.4.0 a 6.4.7, 6.2.0 a 6.2.9, 6.0.0 a 6.0.11 y FortiAnalyzer 7.2 .0, 7.0.0 a 7.0.3, 6.4.0 a 6.4.8, 6.2.0 a 6.2.10, 6.0.0 a 6.0.12 pueden permitir que un usuario administrador remoto y autenticado asignado a un ADOM espec\u00edfico acceda a otros ADOM de informaci\u00f3n, como informaci\u00f3n del dispositivo e informaci\u00f3n del panel."
    }
  ],
  "id": "CVE-2022-38377",
  "lastModified": "2024-11-21T07:16:21.223",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 2.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-25T16:15:10.747",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-20-143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-20-143"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-202209-0222

Vulnerability from variot - Updated: 2023-12-18 13:36

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202209-0222",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.10"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.11"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.3"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.8"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.9"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.7"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.12"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.2.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.2.0  to  6.2.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "7.2.0"
      },
      {
        "model": "fortianalyzer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.0.0  to  6.0.11"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "7.0.0  to  7.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.4.0  to  6.4.7"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38377"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.11",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.7",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.9",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.3",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.3",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.8",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.12",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.10",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-38377"
      }
    ]
  },
  "cve": "CVE-2022-38377",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.2,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.7,
            "baseSeverity": "Low",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2022-38377",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-38377",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2022-38377",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202209-247",
            "trust": 0.6,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38377"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38377"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-247"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information. fortinet\u0027s FortiAnalyzer and FortiManager Exists in unspecified vulnerabilities.Information may be obtained",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-38377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      },
      {
        "db": "VULHUB",
        "id": "VHN-434171"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-38377"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-38377",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023038",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-247",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-434171",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-38377",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-434171"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-38377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38377"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-247"
      }
    ]
  },
  "id": "VAR-202209-0222",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-434171"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:36:44.605000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-20-143",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-20-143"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "others (CWE-Other) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38377"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/psirt/fg-ir-20-143"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38377"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortianalyzer-fortimanager-information-disclosure-via-adom-39196"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-38377/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-434171"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-38377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38377"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-247"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-434171"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-38377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38377"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-247"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-11-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-434171"
      },
      {
        "date": "2022-11-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-38377"
      },
      {
        "date": "2023-11-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      },
      {
        "date": "2022-11-25T16:15:10.747000",
        "db": "NVD",
        "id": "CVE-2022-38377"
      },
      {
        "date": "2022-09-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202209-247"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-434171"
      },
      {
        "date": "2022-11-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-38377"
      },
      {
        "date": "2023-11-27T01:14:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      },
      {
        "date": "2023-11-07T03:50:06.800000",
        "db": "NVD",
        "id": "CVE-2022-38377"
      },
      {
        "date": "2022-12-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202209-247"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-247"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "fortinet\u0027s \u00a0FortiAnalyzer\u00a0 and \u00a0FortiManager\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-247"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2022-AVI-800

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiMail	FortiMail versions antérieures à 7.0.4
Fortinet	N/A	FortiAP-W2 versions 7.0.x antérieures à 7.0.4
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.1
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.1
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.4
Fortinet	FortiManager	FortiManager versions 6.x antérieures à 6.4.8
Fortinet	N/A	FortiAP-W2 versions 6.x antérieures à 6.4.8
Fortinet	N/A	FortiAP-S versions 6.x antérieures à 6.4.8
Fortinet	N/A	FortiAP-W2 versions 7.2.x antérieures à 7.2.1
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.0.2
Fortinet	N/A	FortiAP versions 7.2.x antérieures à 7.2.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.1
Fortinet	N/A	FortiAP versions 6.x antérieures à 6.4.8
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.4
Fortinet	N/A	FortiAP-U versions antérieures à 6.2.4
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.6
Fortinet	FortiSOAR	FortiSOAR versions antérieures à 7.2.1
Fortinet	FortiADC	FortiADC versions antérieures à 6.2.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.x antérieures à 6.4.9
Fortinet	N/A	FortiAP versions 7.0.x antérieures à 7.0.4

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-21-163 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-215 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-140 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-20-143 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-073 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-152 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-045 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-156 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-306 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-222 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-158 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-154 du 06 septembre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-S versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-U versions ant\u00e9rieures \u00e0 6.2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 6.2.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-43080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43080"
    },
    {
      "name": "CVE-2022-29062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29062"
    },
    {
      "name": "CVE-2022-38377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38377"
    },
    {
      "name": "CVE-2022-29058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29058"
    },
    {
      "name": "CVE-2022-30298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30298"
    },
    {
      "name": "CVE-2022-29053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29053"
    },
    {
      "name": "CVE-2021-43076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43076"
    },
    {
      "name": "CVE-2022-29061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29061"
    },
    {
      "name": "CVE-2022-27491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27491"
    },
    {
      "name": "CVE-2022-26114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26114"
    },
    {
      "name": "CVE-2022-35847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35847"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-800",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-163 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-163"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-215 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-215"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-140 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-140"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-143 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-143"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-073 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-073"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-152 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-152"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-045 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-045"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-156 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-156"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-306 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-306"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-222 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-222"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-158 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-158"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-154 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-154"
    }
  ]
}

CERTFR-2022-AVI-800

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiMail	FortiMail versions antérieures à 7.0.4
Fortinet	N/A	FortiAP-W2 versions 7.0.x antérieures à 7.0.4
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.1
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.1
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.4
Fortinet	FortiManager	FortiManager versions 6.x antérieures à 6.4.8
Fortinet	N/A	FortiAP-W2 versions 6.x antérieures à 6.4.8
Fortinet	N/A	FortiAP-S versions 6.x antérieures à 6.4.8
Fortinet	N/A	FortiAP-W2 versions 7.2.x antérieures à 7.2.1
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.0.2
Fortinet	N/A	FortiAP versions 7.2.x antérieures à 7.2.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.1
Fortinet	N/A	FortiAP versions 6.x antérieures à 6.4.8
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.4
Fortinet	N/A	FortiAP-U versions antérieures à 6.2.4
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.6
Fortinet	FortiSOAR	FortiSOAR versions antérieures à 7.2.1
Fortinet	FortiADC	FortiADC versions antérieures à 6.2.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.x antérieures à 6.4.9
Fortinet	N/A	FortiAP versions 7.0.x antérieures à 7.0.4

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-21-163 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-215 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-140 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-20-143 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-073 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-152 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-045 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-156 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-306 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-222 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-158 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-154 du 06 septembre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-S versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-U versions ant\u00e9rieures \u00e0 6.2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 6.2.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-43080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43080"
    },
    {
      "name": "CVE-2022-29062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29062"
    },
    {
      "name": "CVE-2022-38377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38377"
    },
    {
      "name": "CVE-2022-29058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29058"
    },
    {
      "name": "CVE-2022-30298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30298"
    },
    {
      "name": "CVE-2022-29053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29053"
    },
    {
      "name": "CVE-2021-43076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43076"
    },
    {
      "name": "CVE-2022-29061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29061"
    },
    {
      "name": "CVE-2022-27491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27491"
    },
    {
      "name": "CVE-2022-26114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26114"
    },
    {
      "name": "CVE-2022-35847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35847"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-800",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-163 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-163"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-215 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-215"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-140 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-140"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-143 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-143"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-073 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-073"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-152 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-152"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-045 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-045"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-156 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-156"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-306 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-306"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-222 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-222"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-158 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-158"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-154 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-154"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-38377 (GCVE-0-2022-38377)

GSD-2022-38377

GHSA-9F3Q-2P9H-QMQ9

FKIE_CVE-2022-38377

VAR-202209-0222

CERTFR-2022-AVI-800

Solution

CERTFR-2022-AVI-800

Solution

Tags

Sightings

Nomenclature