CVE-2022-43947

Published: Apr 11, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions.

Affected (6)

Products: Fortinet: Fortios, Fortiproxy

Fortinet

2 products

Fortios

Fortiproxy

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortios	From 6.2.0 to 6.4.13
Fortinet Fortios	From 7.0.0 to 7.0.11
Fortinet Fortios	From 7.2.0 to 7.2.4
Fortinet Fortiproxy	From 1.0.0 to 2.0.9
Fortinet Fortiproxy	From 7.0.0 to 7.0.8
Fortinet Fortiproxy	From 7.2.0 to 7.2.2

Related CWEs

CWE-307

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References (2)

https://fortiguard.com/psirt/FG-IR-22-444

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-444

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.