Lucene search
FortinetCVE-2022-42469HistoryApr 11, 2023 - 5:15 p.m.
CVE-2022-42469
2023-04-1117:15:07
CWE-183
fortinet
web.nvd.nist.gov
43
cve-2022-42469
fortigate
vulnerability
cwe-183
ssl-vpn
bypass
ngfw mode
web portal
nvd
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.5
Confidence
High
EPSS
0.001
Percentile
17.5%
A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal.
Affected configurations
Node
fortinetfortiosRange7.0.0–7.0.11
ORfortinetfortiosRange7.2.0–7.2.4
CNA Affected
[
{
"vendor": "Fortinet",
"product": "FortiOS",
"defaultStatus": "unaffected",
"versions": [
{
"versionType": "semver",
"version": "7.2.0",
"lessThanOrEqual": "7.2.3",
"status": "affected"
},
{
"versionType": "semver",
"version": "7.0.0",
"lessThanOrEqual": "7.0.9",
"status": "affected"
}
]
}
]References
Related
nessus
nessus
cvelist
cvelist
CVE-2022-42469
2023-04-11 16:07:17
fortinet
fortinet
Protect
2023-04-11 00:00:00
nvd
nvd
CVE-2022-42469
2023-04-11 17:15:07
prion
prion
Code injection
2023-04-11 17:15:00
ics
ics
Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices
2024-03-14 12:00:00
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.5
Confidence
High
EPSS
0.001
Percentile
17.5%
Related for CVE-2022-42469