Lucene search

[email protected]NVD:CVE-2022-23442

HistoryAug 03, 2022 - 2:15 p.m.

CVE-2022-23442

2022-08-0314:15:08

[email protected]

web.nvd.nist.gov

improper access control

fortios

vulnerability

vdoms

cli commands

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

22.7%

JSON

An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.

Affected configurations

Nvd

Node

fortinetfortiosRange6.2.0–6.2.11

fortinetfortiosRange6.4.0–6.4.8

fortinetfortiosRange7.0.0–7.0.5

VendorProductVersionCPE
fortinetfortios*cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortios	*	cpe:2.3:o:fortinet:fortios::::::::

References

fortiguard.com/psirt/FG-IR-22-036

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

22.7%

JSON

Related for NVD:CVE-2022-23442

fortinet1 prion1 cvelist1 nessus1 cve1