Lucene search

[email protected]NVD:CVE-2022-45857

HistoryJan 05, 2023 - 8:15 a.m.

CVE-2022-45857

2023-01-0508:15:08

CWE-286

[email protected]

web.nvd.nist.gov

cve-2022-45857

vulnerability

fortimanager

vdom creation

access

fortigate

super admin

deletion.

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.8%

JSON

An incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the super_admin account is deleted.

Affected configurations

NVD

Node

fortinetfortimanagerRange6.2.0–6.2.9

fortinetfortimanagerRange6.4.0–6.4.8

fortinetfortimanagerRange7.0.0–7.0.2

References

fortiguard.com/psirt/FG-IR-22-371

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.8%

JSON

Related for NVD:CVE-2022-45857

cve1 prion1 nessus1 fortinet1 cvelist1