Lucene search

[email protected]NVD:CVE-2022-27491

HistorySep 06, 2022 - 6:15 p.m.

CVE-2022-27491

2022-09-0618:15:12

[email protected]

web.nvd.nist.gov

improper verification

fortinet fortios

remote attacker

html data flooding

tcp requests

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

40.4%

JSON

A improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of “blocked page” HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim.

Affected configurations

Nvd

Node

fortinetfortiosRange6.0.0–6.0.14

fortinetfortiosRange6.2.0–6.2.11

fortinetfortiosRange6.4.0–6.4.9

fortinetfortiosRange7.0.0–7.0.6

fortinetfortiosMatch7.2.0

VendorProductVersionCPE
fortinetfortios*cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
fortinetfortios7.2.0cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortios	*	cpe:2.3:o:fortinet:fortios::::::::
fortinet	fortios	7.2.0	cpe:2.3:o:fortinet:fortios:7.2.0:::::::*

References

fortiguard.com/psirt/FG-IR-22-073

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

40.4%

JSON

Related for NVD:CVE-2022-27491

fortinet1 cve1 prion1 cvelist1 nessus6