CVE-2022-38381

Published: Nov 2, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request.

Affected (9)

Products: Fortinet: Fortiadc

Fortinet

1 product

Fortiadc

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiadc	From 5.0.0 to 5.0.4
Fortinet Fortiadc	From 5.1.0 to 5.1.7
Fortinet Fortiadc	From 5.2.0 to 5.2.8
Fortinet Fortiadc	From 5.3.0 to 5.3.7
Fortinet Fortiadc	From 5.4.0 to 5.4.5
Fortinet Fortiadc	From 6.0.0 to 6.0.4
Fortinet Fortiadc	From 6.1.0 to 6.1.6
Fortinet Fortiadc	From 6.2.0 to 6.2.3
Fortinet Fortiadc	From 7.0.0 to 7.0.2

References (2)

https://fortiguard.com/psirt/FG-IR-22-234

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-234

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.