CVE-2022-22305
 
- Public Exploits: 0
- Exploited in Wild: -
Descriptions
An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.
SSVC
- Decision: Track
Timeline
- 2022-01-03 CVE Reserved
- 2023-09-01 CVE Published
- 2023-09-08 EPSS Updated
- 2024-09-27 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
- CWE-297: Improper Validation of Certificate with Host Mismatch
References (1)
URL | Date | SRC
---|---|---
https://fortiguard.com/psirt/FG-IR-18-292 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Fortinet | Fortianalyzer | >= 6.0.0 <= 6.0.12 | - | Affected
Fortinet | Fortianalyzer | >= 6.2.9 <= 6.4.7 | - | Affected
Fortinet | Fortianalyzer | 7.0.0 | - | Affected
Fortinet | Fortianalyzer | 7.0.1 | - | Affected
Fortinet | Fortianalyzer | 7.0.2 | - | Affected
Fortinet | Fortimanager | >= 6.0.0 <= 6.0.12 | - | Affected
Fortinet | Fortimanager | >= 6.2.0 <= 6.2.11 | - | Affected
Fortinet | Fortimanager | >= 6.4.0 <= 6.4.6 | - | Affected
Fortinet | Fortimanager | 7.0.0 | - | Affected
Fortinet | Fortimanager | 7.0.1 | - | Affected
Fortinet | Fortisandbox | >= 3.0.0 <= 3.0.7 | - | Affected
Fortinet | Fortisandbox | >= 3.1.0 <= 3.1.5 | - | Affected
Fortinet | Fortisandbox | >= 3.2.0 <= 3.2.4 | - | Affected
Fortinet | Fortisandbox | 3.0.1 | - | Affected
Fortinet | Fortisandbox | 4.0.0 | - | Affected
Fortinet | Fortisandbox | 4.0.1 | - | Affected
Fortinet | Fortisandbox | 4.0.2 | - | Affected
Fortinet | Fortios | >= 5.6.10 <= 5.6.14 | - | Affected
Fortinet | Fortios | >= 6.0.0 <= 6.0.17 | - | Affected
Fortinet | Fortios | >= 6.2.0 <= 6.2.15 | - | Affected