Lucene search

FortinetCVE-2022-26122

HistoryNov 02, 2022 - 12:15 p.m.

CVE-2022-26122

2022-11-0212:15:52

CWE-345

fortinet

web.nvd.nist.gov

cve-2022-26122

cwe-345

data authenticity

forticlient

fortimail

fortios

av engines

security vulnerability

nvd

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

31.8%

JSON

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64.

Affected configurations

Nvd

Node

fortinetantivirus_engineMatch0.4.23

fortinetantivirus_engineMatch2.0.49

fortinetantivirus_engineMatch2.0.60

fortinetantivirus_engineMatch4.4.54

fortinetantivirus_engineMatch6.33

fortinetantivirus_engineMatch6.137

fortinetantivirus_engineMatch6.142

fortinetantivirus_engineMatch6.144

fortinetantivirus_engineMatch6.145

fortinetantivirus_engineMatch6.156

fortinetantivirus_engineMatch6.157

fortinetantivirus_engineMatch6.243

fortinetantivirus_engineMatch6.252

fortinetantivirus_engineMatch6.253

fortinetfortimailRange6.0.0–6.0.12

fortinetfortimailRange6.2.0–6.2.9

fortinetfortimailRange6.4.0–6.4.6

fortinetfortimailRange7.0.0–7.0.2

fortinetfortimailMatch4.1.0

fortinetfortiosRange6.0.0–6.0.15

fortinetfortiosRange6.2.0–6.2.11

fortinetfortiosRange6.4.0–6.4.10

fortinetfortiosRange7.0.0–7.0.6

fortinetfortiosMatch7.2.0

VendorProductVersionCPE
fortinetantivirus_engine0.4.23cpe:2.3:a:fortinet:antivirus_engine:0.4.23:*:*:*:*:*:*:*
fortinetantivirus_engine2.0.49cpe:2.3:a:fortinet:antivirus_engine:2.0.49:*:*:*:*:*:*:*
fortinetantivirus_engine2.0.60cpe:2.3:a:fortinet:antivirus_engine:2.0.60:*:*:*:*:*:*:*
fortinetantivirus_engine4.4.54cpe:2.3:a:fortinet:antivirus_engine:4.4.54:*:*:*:*:*:*:*
fortinetantivirus_engine6.33cpe:2.3:a:fortinet:antivirus_engine:6.33:*:*:*:*:*:*:*
fortinetantivirus_engine6.137cpe:2.3:a:fortinet:antivirus_engine:6.137:*:*:*:*:*:*:*
fortinetantivirus_engine6.142cpe:2.3:a:fortinet:antivirus_engine:6.142:*:*:*:*:*:*:*
fortinetantivirus_engine6.144cpe:2.3:a:fortinet:antivirus_engine:6.144:*:*:*:*:*:*:*
fortinetantivirus_engine6.145cpe:2.3:a:fortinet:antivirus_engine:6.145:*:*:*:*:*:*:*
fortinetantivirus_engine6.156cpe:2.3:a:fortinet:antivirus_engine:6.156:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	antivirus_engine	0.4.23	cpe:2.3:a:fortinet:antivirus_engine:0.4.23:::::::*
fortinet	antivirus_engine	2.0.49	cpe:2.3:a:fortinet:antivirus_engine:2.0.49:::::::*
fortinet	antivirus_engine	2.0.60	cpe:2.3:a:fortinet:antivirus_engine:2.0.60:::::::*
fortinet	antivirus_engine	4.4.54	cpe:2.3:a:fortinet:antivirus_engine:4.4.54:::::::*
fortinet	antivirus_engine	6.33	cpe:2.3:a:fortinet:antivirus_engine:6.33:::::::*
fortinet	antivirus_engine	6.137	cpe:2.3:a:fortinet:antivirus_engine:6.137:::::::*
fortinet	antivirus_engine	6.142	cpe:2.3:a:fortinet:antivirus_engine:6.142:::::::*
fortinet	antivirus_engine	6.144	cpe:2.3:a:fortinet:antivirus_engine:6.144:::::::*
fortinet	antivirus_engine	6.145	cpe:2.3:a:fortinet:antivirus_engine:6.145:::::::*
fortinet	antivirus_engine	6.156	cpe:2.3:a:fortinet:antivirus_engine:6.156:::::::*

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "Fortinet AV Engine, FortiMail, FortiOS, FortiClient",
    "versions": [
      {
        "version": "AV Engine version 6.2.168 and below and version 6.4.274 and below.",
        "status": "affected"
      }
    ]
  }
]

References

fortiguard.com/psirt/FG-IR-22-074

Social References

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

31.8%

JSON

Related for CVE-2022-26122