Lucene search

[email protected]NVD:CVE-2022-43949

HistoryJun 13, 2023 - 9:15 a.m.

CVE-2022-43949

2023-06-1309:15:16

CWE-327

[email protected]

web.nvd.nist.gov

broken cryptographic algorithm

fortisiem

brute force attacks

outdated hashing methods

cve-2022-43949

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

47.7%

JSON

A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods.

Affected configurations

Nvd

Node

fortinetfortisiemRange5.3.0–5.3.3

fortinetfortisiemRange6.3.0–6.3.3

fortinetfortisiemRange6.6.0–6.6.3

fortinetfortisiemMatch5.4.0

fortinetfortisiemMatch6.1.0

fortinetfortisiemMatch6.1.1

fortinetfortisiemMatch6.1.2

fortinetfortisiemMatch6.2.0

fortinetfortisiemMatch6.2.1

fortinetfortisiemMatch6.4.0

fortinetfortisiemMatch6.4.1

fortinetfortisiemMatch6.4.2

fortinetfortisiemMatch6.5.0

fortinetfortisiemMatch6.5.1

fortinetfortisiemMatch6.7.0

fortinetfortisiemMatch6.7.1

VendorProductVersionCPE
fortinetfortisiem*cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*
fortinetfortisiem5.4.0cpe:2.3:a:fortinet:fortisiem:5.4.0:*:*:*:*:*:*:*
fortinetfortisiem6.1.0cpe:2.3:a:fortinet:fortisiem:6.1.0:*:*:*:*:*:*:*
fortinetfortisiem6.1.1cpe:2.3:a:fortinet:fortisiem:6.1.1:*:*:*:*:*:*:*
fortinetfortisiem6.1.2cpe:2.3:a:fortinet:fortisiem:6.1.2:*:*:*:*:*:*:*
fortinetfortisiem6.2.0cpe:2.3:a:fortinet:fortisiem:6.2.0:*:*:*:*:*:*:*
fortinetfortisiem6.2.1cpe:2.3:a:fortinet:fortisiem:6.2.1:*:*:*:*:*:*:*
fortinetfortisiem6.4.0cpe:2.3:a:fortinet:fortisiem:6.4.0:*:*:*:*:*:*:*
fortinetfortisiem6.4.1cpe:2.3:a:fortinet:fortisiem:6.4.1:*:*:*:*:*:*:*
fortinetfortisiem6.4.2cpe:2.3:a:fortinet:fortisiem:6.4.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortisiem	*	cpe:2.3:a:fortinet:fortisiem::::::::
fortinet	fortisiem	5.4.0	cpe:2.3:a:fortinet:fortisiem:5.4.0:::::::*
fortinet	fortisiem	6.1.0	cpe:2.3:a:fortinet:fortisiem:6.1.0:::::::*
fortinet	fortisiem	6.1.1	cpe:2.3:a:fortinet:fortisiem:6.1.1:::::::*
fortinet	fortisiem	6.1.2	cpe:2.3:a:fortinet:fortisiem:6.1.2:::::::*
fortinet	fortisiem	6.2.0	cpe:2.3:a:fortinet:fortisiem:6.2.0:::::::*
fortinet	fortisiem	6.2.1	cpe:2.3:a:fortinet:fortisiem:6.2.1:::::::*
fortinet	fortisiem	6.4.0	cpe:2.3:a:fortinet:fortisiem:6.4.0:::::::*
fortinet	fortisiem	6.4.1	cpe:2.3:a:fortinet:fortisiem:6.4.1:::::::*
fortinet	fortisiem	6.4.2	cpe:2.3:a:fortinet:fortisiem:6.4.2:::::::*

Rows per page:

1-10 of 141

References

fortiguard.com/psirt/FG-IR-22-259

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

47.7%

JSON

Related for NVD:CVE-2022-43949

cve1 prion1 cvelist1 fortinet1