Lucene search

[email protected]NVD:CVE-2023-22642

HistoryApr 11, 2023 - 5:15 p.m.

CVE-2023-22642

2023-04-1117:15:08

CWE-295

[email protected]

web.nvd.nist.gov

certificate validation vulnerability

fortianalyzer

fortimanager

man-in-the-middle

remote attacker

unauthenticated

fortiguard server

outbreakalert resources

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

45.5%

JSON

An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert ressources.

Affected configurations

Nvd

Node

fortinetfortianalyzerRange6.4.8–6.4.11

fortinetfortianalyzerRange7.0.0–7.0.6

fortinetfortianalyzerRange7.2.0–7.2.2

fortinetfortimanagerRange6.4.8–6.4.11

fortinetfortimanagerRange7.0.0–7.0.6

fortinetfortimanagerRange7.2.0–7.2.2

VendorProductVersionCPE
fortinetfortianalyzer*cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
fortinetfortimanager*cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortianalyzer	*	cpe:2.3:a:fortinet:fortianalyzer::::::::
fortinet	fortimanager	*	cpe:2.3:a:fortinet:fortimanager::::::::

References

fortiguard.com/psirt/FG-IR-22-502

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

45.5%

JSON

Related for NVD:CVE-2023-22642

fortinet1 cve1 prion1 cvelist1