Lucene search
HistoryApr 11, 2023 - 5:15 p.m.
CVE-2022-42469
vulnerability
fortigate
ssl-vpn
policy bypass
cwe-183
ngfw
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.9
Confidence
High
EPSS
0.001
Percentile
17.5%
A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal.
Affected configurations
Node
fortinetfortiosRange7.0.0–7.0.11
ORfortinetfortiosRange7.2.0–7.2.4
References
Related
nessus
nessus
cvelist
cvelist
CVE-2022-42469
2023-04-11 16:07:17
fortinet
fortinet
Protect
2023-04-11 00:00:00
cve
cve
CVE-2022-42469
2023-04-11 17:15:07
prion
prion
Code injection
2023-04-11 17:15:00
ics
ics
Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices
2024-03-14 12:00:00
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.9
Confidence
High
EPSS
0.001
Percentile
17.5%
Related for NVD:CVE-2022-42469