CVE-2022-22300

Published: Mar 1, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user.

Affected (10)

Products: Fortinet: Fortianalyzer, Fortimanager

Fortinet

2 products

Fortianalyzer

Fortimanager

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortianalyzer	From 5.6.0 to 5.6.11
Fortinet Fortianalyzer	From 6.0.0 to 6.0.11
Fortinet Fortianalyzer	From 6.2.0 to 6.2.9
Fortinet Fortianalyzer	From 6.4.0 to 6.4.7
Fortinet Fortianalyzer	From 7.0.0 to 7.0.3
Fortinet Fortimanager	From 5.6.0 to 5.6.11
Fortinet Fortimanager	From 6.0.0 to 6.0.11
Fortinet Fortimanager	From 6.2.0 to 6.2.9
Fortinet Fortimanager	From 6.4.0 to 6.4.7
Fortinet Fortimanager	From 7.0.0 to 7.0.3

Related CWEs

CWE-755

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

References (2)

https://fortiguard.com/psirt/FG-IR-21-255

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-21-255

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.