← Back

CVE-2022-26122

nvd nist
Published: Nov 2, 2022Modified: Nov 21, 2024

JSON object

Loading...
8.6
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Exploitability: 3.9 / Impact: 4.0
Source: NVD

Description

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64.

Affected (24)

Fortinet
3 products
Antivirus Engine
Fortimail
Fortios
Configuration A
24 vulnerable
Vulnerable SoftwareAffected Versions
Fortinet
Antivirus Engine
Version 0.4.23
Antivirus Engine
Version 2.0.49
Antivirus Engine
Version 2.0.60
Antivirus Engine
Version 4.4.54
Antivirus Engine
Version 6.137
Antivirus Engine
Version 6.142
Antivirus Engine
Version 6.144
Antivirus Engine
Version 6.145
Antivirus Engine
Version 6.156
Antivirus Engine
Version 6.157
Antivirus Engine
Version 6.243
Antivirus Engine
Version 6.252
Antivirus Engine
Version 6.253
Antivirus Engine
Version 6.33
Fortinet
Fortimail
From 6.0.0 to 6.0.12
Fortimail
From 6.2.0 to 6.2.9
Fortimail
From 6.4.0 to 6.4.6
Fortimail
From 7.0.0 to 7.0.2
Fortimail
Version 4.1.0
Fortinet
Fortios
From 6.0.0 to 6.0.15
Fortios
From 6.2.0 to 6.2.11
Fortios
From 6.4.0 to 6.4.10
Fortios
From 7.0.0 to 7.0.6
Fortios
Version 7.2.0

Related CWEs

CWE-345
Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References (2)

Source: psirt@fortinet.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.