CVE-2022-26121

Published: Oct 10, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path.

Affected (10)

Products: Fortinet: Fortimanager, Fortianalyzer

Fortinet

2 products

Fortimanager

Fortianalyzer

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortimanager	After 5.6.0 to 5.6.11
Fortinet Fortimanager	After 6.0.0 to 6.0.11
Fortinet Fortimanager	After 6.2.0 to 6.2.9
Fortinet Fortimanager	After 6.4.0 to 6.4.8
Fortinet Fortimanager	After 7.0.0 to 7.0.3

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortianalyzer	After 5.6.0 to 5.6.11
Fortinet Fortianalyzer	After 6.0.0 to 6.0.11
Fortinet Fortianalyzer	After 6.2.0 to 6.2.9
Fortinet Fortianalyzer	After 6.4.0 to 6.4.8
Fortinet Fortianalyzer	After 7.0.0 to 7.0.3

Related CWEs

CWE-668

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://fortiguard.com/psirt/FG-IR-22-026

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-026

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.