CVE-2022-42478 (GCVE-0-2022-42478)
Vulnerability from cvelistv5
Published
2023-06-13 08:41
Modified
2024-10-23 14:27
Severity ?
EPSS score ?
Summary
An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-22-258 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-22-258 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSIEM |
Version: 6.7.0 Version: 6.6.0 ≤ 6.6.3 Version: 6.5.0 ≤ 6.5.1 Version: 6.4.0 ≤ 6.4.2 Version: 6.3.0 ≤ 6.3.3 Version: 6.2.0 ≤ 6.2.1 Version: 6.1.0 ≤ 6.1.2 Version: 5.4.0 Version: 5.3.0 ≤ 5.3.3 Version: 5.2.5 ≤ 5.2.8 Version: 5.2.1 ≤ 5.2.2 Version: 5.1.0 ≤ 5.1.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:10:40.933Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-22-258", tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-22-258", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-42478", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T14:10:59.872029Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-23T14:27:01.609Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "FortiSIEM", vendor: "Fortinet", versions: [ { status: "affected", version: "6.7.0", }, { lessThanOrEqual: "6.6.3", status: "affected", version: "6.6.0", versionType: "semver", }, { lessThanOrEqual: "6.5.1", status: "affected", version: "6.5.0", versionType: "semver", }, { lessThanOrEqual: "6.4.2", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.3.3", status: "affected", version: "6.3.0", versionType: "semver", }, { lessThanOrEqual: "6.2.1", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.1.2", status: "affected", version: "6.1.0", versionType: "semver", }, { status: "affected", version: "5.4.0", }, { lessThanOrEqual: "5.3.3", status: "affected", version: "5.3.0", versionType: "semver", }, { lessThanOrEqual: "5.2.8", status: "affected", version: "5.2.5", versionType: "semver", }, { lessThanOrEqual: "5.2.2", status: "affected", version: "5.2.1", versionType: "semver", }, { lessThanOrEqual: "5.1.3", status: "affected", version: "5.1.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:U/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-307", description: "Improper access control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-13T08:41:42.765Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-22-258", url: "https://fortiguard.com/psirt/FG-IR-22-258", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiSIEM version 7.0.0 or above Please upgrade to FortiSIEM version 6.7.1 or above ", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2022-42478", datePublished: "2023-06-13T08:41:42.765Z", dateReserved: "2022-10-07T14:05:36.302Z", dateUpdated: "2024-10-23T14:27:01.609Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.1.0\", \"versionEndIncluding\": \"5.1.3\", \"matchCriteriaId\": \"D52F2E6B-9A88-4DB4-8CB9-09A3AFFF1685\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.3.0\", \"versionEndIncluding\": \"5.3.3\", \"matchCriteriaId\": \"A0258A88-352D-4F9A-894D-F7442CAFE461\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.3.0\", \"versionEndIncluding\": \"6.3.3\", \"matchCriteriaId\": \"D9FC4C46-F269-4635-80BE-BED292538FEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:5.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE69B846-3B23-401D-98D0-46DC976A25FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:5.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE4C2A49-23CB-4104-A345-46B3B4A29A24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:5.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B114C6F-82AF-4ADF-B840-61851B9E39C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:5.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C759185-C780-426F-8185-258C88A924A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:5.2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B669A735-2DC0-434A-9CE1-0232F62848D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:5.2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A5FA2FC-419D-46E8-ACE3-929E5B39F1AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:5.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"91E43A1B-D4C5-4FFF-9D3E-00140023921E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:6.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F52E2B2-A3B1-493F-B092-77A2A44E855A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:6.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B16CB79-AC63-41EA-AE9A-D6030449ACD3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:6.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"912BA146-D840-4855-8C47-AC3D5E6D0C4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:6.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51452B16-AB83-41D3-8779-3E1AEA818AD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:6.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F453DE5-E31D-4BD1-8978-DD6D166045E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:6.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C48AC74D-9FBE-4194-9BE8-FD2D6A0EC788\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:6.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFFA27A5-0168-4261-9A04-D2DBB0A9946D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:6.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2035DFA0-FF3A-4BBF-ABFE-0E310A7C668B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:6.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A391C353-BD26-4262-B86F-E3FBF8915DCA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:6.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDD5BE55-0990-4646-ADA7-9A30981D4DF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:6.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F46426B1-B144-432C-8BA6-317617EBC110\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:6.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6590962C-FF61-4237-8F30-33B15829C8B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:6.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32B5BFCB-DFD4-4519-A2AF-1FABA58FA04D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:6.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50635727-53A0-476F-BB86-A47CDAA3D45B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortisiem:6.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0534E1D8-8099-4FF1-A5A9-36CCA8F7956A\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints.\"}]", id: "CVE-2022-42478", lastModified: "2024-11-21T07:25:03.170", metrics: "{\"cvssMetricV31\": [{\"source\": \"psirt@fortinet.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}", published: "2023-06-13T09:15:15.653", references: "[{\"url\": \"https://fortiguard.com/psirt/FG-IR-22-258\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://fortiguard.com/psirt/FG-IR-22-258\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]", sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"psirt@fortinet.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-307\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-307\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2022-42478\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2023-06-13T09:15:15.653\",\"lastModified\":\"2024-11-21T07:25:03.170\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-307\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-307\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.1.0\",\"versionEndIncluding\":\"5.1.3\",\"matchCriteriaId\":\"D52F2E6B-9A88-4DB4-8CB9-09A3AFFF1685\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.3.0\",\"versionEndIncluding\":\"5.3.3\",\"matchCriteriaId\":\"A0258A88-352D-4F9A-894D-F7442CAFE461\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.3.0\",\"versionEndIncluding\":\"6.3.3\",\"matchCriteriaId\":\"D9FC4C46-F269-4635-80BE-BED292538FEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:5.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE69B846-3B23-401D-98D0-46DC976A25FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:5.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE4C2A49-23CB-4104-A345-46B3B4A29A24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:5.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B114C6F-82AF-4ADF-B840-61851B9E39C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:5.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C759185-C780-426F-8185-258C88A924A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:5.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B669A735-2DC0-434A-9CE1-0232F62848D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:5.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5FA2FC-419D-46E8-ACE3-929E5B39F1AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91E43A1B-D4C5-4FFF-9D3E-00140023921E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:6.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F52E2B2-A3B1-493F-B092-77A2A44E855A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:6.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B16CB79-AC63-41EA-AE9A-D6030449ACD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:6.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"912BA146-D840-4855-8C47-AC3D5E6D0C4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:6.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51452B16-AB83-41D3-8779-3E1AEA818AD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:6.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F453DE5-E31D-4BD1-8978-DD6D166045E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:6.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C48AC74D-9FBE-4194-9BE8-FD2D6A0EC788\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:6.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFFA27A5-0168-4261-9A04-D2DBB0A9946D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:6.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2035DFA0-FF3A-4BBF-ABFE-0E310A7C668B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:6.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A391C353-BD26-4262-B86F-E3FBF8915DCA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:6.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDD5BE55-0990-4646-ADA7-9A30981D4DF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:6.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F46426B1-B144-432C-8BA6-317617EBC110\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:6.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6590962C-FF61-4237-8F30-33B15829C8B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:6.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32B5BFCB-DFD4-4519-A2AF-1FABA58FA04D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:6.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50635727-53A0-476F-BB86-A47CDAA3D45B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisiem:6.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0534E1D8-8099-4FF1-A5A9-36CCA8F7956A\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/psirt/FG-IR-22-258\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://fortiguard.com/psirt/FG-IR-22-258\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://fortiguard.com/psirt/FG-IR-22-258\", \"name\": \"https://fortiguard.com/psirt/FG-IR-22-258\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T13:10:40.933Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-42478\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-23T14:10:59.872029Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-23T14:14:41.895Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:U/RC:C\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Fortinet\", \"product\": \"FortiSIEM\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.7.0\"}, {\"status\": \"affected\", \"version\": \"6.6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.3\"}, {\"status\": \"affected\", \"version\": \"6.5.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.5.1\"}, {\"status\": \"affected\", \"version\": \"6.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.4.2\"}, {\"status\": \"affected\", \"version\": \"6.3.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.3.3\"}, {\"status\": \"affected\", \"version\": \"6.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.2.1\"}, {\"status\": \"affected\", \"version\": \"6.1.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.2\"}, {\"status\": \"affected\", \"version\": \"5.4.0\"}, {\"status\": \"affected\", \"version\": \"5.3.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.3.3\"}, {\"status\": \"affected\", \"version\": \"5.2.5\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.2.8\"}, {\"status\": \"affected\", \"version\": \"5.2.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.2.2\"}, {\"status\": \"affected\", \"version\": \"5.1.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.1.3\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiSIEM version 7.0.0 or above Please upgrade to FortiSIEM version 6.7.1 or above \"}], \"references\": [{\"url\": \"https://fortiguard.com/psirt/FG-IR-22-258\", \"name\": \"https://fortiguard.com/psirt/FG-IR-22-258\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-307\", \"description\": \"Improper access control\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2023-06-13T08:41:42.765Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2022-42478\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-23T14:27:01.609Z\", \"dateReserved\": \"2022-10-07T14:05:36.302Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2023-06-13T08:41:42.765Z\", \"assignerShortName\": \"fortinet\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.