CVE-2022-35843
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server.
Una omisión de autenticación por vulnerabilidad de datos supuestamente inmutables [CWE-302] en el componente de inicio de sesión SSH de FortiOS 7.2.0, 7.0.0 a 7.0.7, 6.4.0 a 6.4.9, 6.2 todas las versiones, 6.0 todas las versiones y FortiProxy SSH El componente de inicio de sesión 7.0.0 a 7.0.5, 2.0.0 a 2.0.10, 1.2.0 todas las versiones puede permitir que un atacante remoto y no autenticado inicie sesión en el dispositivo mediante el envío de una respuesta Access-Challenge especialmente manipulada desde el servidor Radius.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2022-07-13 CVE Reserved
- 2022-12-06 CVE Published
- 2024-06-28 EPSS Updated
- 2024-10-23 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
- CWE-287: Improper Authentication
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://fortiguard.com/psirt/FG-IR-22-255 | 2023-11-07 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Fortinet Search vendor "Fortinet" | Fortiproxy Search vendor "Fortinet" for product "Fortiproxy" | >= 1.2.0 <= 1.2.13 Search vendor "Fortinet" for product "Fortiproxy" and version " >= 1.2.0 <= 1.2.13" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortiproxy Search vendor "Fortinet" for product "Fortiproxy" | >= 2.0.0 <= 2.0.10 Search vendor "Fortinet" for product "Fortiproxy" and version " >= 2.0.0 <= 2.0.10" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortiproxy Search vendor "Fortinet" for product "Fortiproxy" | >= 7.0.0 <= 7.0.6 Search vendor "Fortinet" for product "Fortiproxy" and version " >= 7.0.0 <= 7.0.6" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortios Search vendor "Fortinet" for product "Fortios" | >= 6.0.0 <= 6.0.15 Search vendor "Fortinet" for product "Fortios" and version " >= 6.0.0 <= 6.0.15" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortios Search vendor "Fortinet" for product "Fortios" | >= 6.2.0 <= 6.2.12 Search vendor "Fortinet" for product "Fortios" and version " >= 6.2.0 <= 6.2.12" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortios Search vendor "Fortinet" for product "Fortios" | >= 6.4.0 <= 6.4.9 Search vendor "Fortinet" for product "Fortios" and version " >= 6.4.0 <= 6.4.9" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortios Search vendor "Fortinet" for product "Fortios" | >= 7.0.0 <= 7.0.7 Search vendor "Fortinet" for product "Fortios" and version " >= 7.0.0 <= 7.0.7" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortios Search vendor "Fortinet" for product "Fortios" | 7.2.0 Search vendor "Fortinet" for product "Fortios" and version "7.2.0" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortios Search vendor "Fortinet" for product "Fortios" | 7.2.1 Search vendor "Fortinet" for product "Fortios" and version "7.2.1" | - |
Affected
| ||||||