← Back

CVE-2022-22305

nvd nist
Published: Sep 1, 2023Modified: Nov 21, 2024

JSON object

Loading...
4.2
Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 1.6 / Impact: 2.5
Source: NVD

Description

An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.

Affected (20)

Fortinet
4 products
Fortianalyzer
Fortimanager
Fortios
Fortisandbox
Configuration A
20 vulnerable
Vulnerable SoftwareAffected Versions
Fortinet
Fortianalyzer
From 6.0.0 to 6.0.12
Fortianalyzer
From 6.2.9 to 6.4.7
Fortianalyzer
Version 7.0.0
Fortianalyzer
Version 7.0.1
Fortianalyzer
Version 7.0.2
Fortinet
Fortimanager
From 6.0.0 to 6.0.12
Fortimanager
From 6.2.0 to 6.2.11
Fortimanager
From 6.4.0 to 6.4.6
Fortimanager
Version 7.0.0
Fortimanager
Version 7.0.1
Fortinet
Fortios
From 5.6.10 to 5.6.14
Fortios
From 6.0.0 to 6.0.17
Fortios
From 6.2.0 to 6.2.15
Fortinet
Fortisandbox
From 3.0.0 to 3.0.7
Fortisandbox
From 3.1.0 to 3.1.5
Fortisandbox
From 3.2.0 to 3.2.4
Fortisandbox
Version 3.0.1
Fortisandbox
Version 4.0.0
Fortisandbox
Version 4.0.1
Fortisandbox
Version 4.0.2

Related CWEs

CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
CWE-297
Improper Validation of Certificate with Host Mismatch
The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

References (2)

Source: psirt@fortinet.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.