CVE-2022-22305

2023-09-0111:43:03

CWE-297

fortinet

www.cve.org

cve-2022-22305

certificate validation

fortimanager

fortianalyzer

fortios

fortisandbox

man-in-the-middle attack

network security

unauthenticated attacker

communication interception

CVSS3

5.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

18.0%

JSON

An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiAnalyzer",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.4.0",
        "lessThanOrEqual": "6.4.7",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.2.0",
        "lessThanOrEqual": "6.2.11",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.0.0",
        "lessThanOrEqual": "6.0.12",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Fortinet",
    "product": "FortiSandbox",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "4.0.0",
        "lessThanOrEqual": "4.0.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "3.2.0",
        "lessThanOrEqual": "3.2.4",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "3.1.0",
        "lessThanOrEqual": "3.1.5",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "3.0.0",
        "lessThanOrEqual": "3.0.7",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Fortinet",
    "product": "FortiManager",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.1",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.4.0",
        "lessThanOrEqual": "6.4.6",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.2.0",
        "lessThanOrEqual": "6.2.11",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.0.0",
        "lessThanOrEqual": "6.0.12",
        "status": "affected"
      }
    ]
  }
]