certfr_avis - certfr-2022-avi-613

CERTFR-2022-AVI-613

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS versions 6.x antérieures à 6.2.11
Fortinet	FortiEDR Central Manager	FortiEDR Central Manager versions 5.1.x antérieures à 5.2.0
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.4
Fortinet	FortiSwitch	FortiSwitch versions 7.0.x antérieures à 7.0.3
Fortinet	FortiNAC	FortiNAC versions antérieures à 9.1.6
Fortinet	FortiManager	FortiManager versions 6.x antérieures à 6.4.8
Fortinet	FortiEDR Central Manager	FortiEDR Central Manager version 5.1.0
Fortinet	N/A	FortiClientWindows versions 7.0.x antérieures à 7.0.3
Fortinet	FortiRecorder	FortiRecorder versions antérieures à 6.0.11
Fortinet	FortiEDR Central Manager	FortiEDR Central Manager versions 5.0.x antérieures à 5.0.3 Patch 7
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.1
Fortinet	FortiRecorder	FortiRecorder versions antérieures à 6.4.3
Fortinet	FortiADC	FortiADC versions 7.0.x antérieures à 7.0.2
Fortinet	FortiADC	FortiADC versions antérieures à 6.2.3
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.6
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.4
Fortinet	N/A	FortiVoiceEnterprise versions 6.4.x antérieures à 6.4.4
Fortinet	FortiDeceptor	FortiDeceptor versions antérieures à 3.3.3
Fortinet	FortiSwitch	FortiSwitch versions antérieures à 6.4.10
Fortinet	N/A	FortiClientWindows versions 6.x antérieures à 6.4.7
Fortinet	FortiOS	FortiOS versions 6.4.x antérieures à 6.4.9
Fortinet	N/A	FortiVoiceEnterprise versions antérieures à 6.0.11
Fortinet	FortiNAC	FortiNAC versions 9.2.x antérieures à 9.2.4
Fortinet	FortiProxy	FortiProxy versions antérieures à 2.0.9
Fortinet	FortiDeceptor	FortiDeceptor versions 4.0.x antérieures à 4.0.2
Fortinet	FortiGate	FortiGate versions antérieures à 7.0.6
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.x antérieures à 6.4.8

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-21-155 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-051 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-057 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-056 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-213 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-190 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-179 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-058 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-049 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-077 du 05 juillet 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-206 du 05 juillet 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions 6.x ant\u00e9rieures \u00e0 6.2.11",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDR Central Manager versions 5.1.x ant\u00e9rieures \u00e0 5.2.0",
      "product": {
        "name": "FortiEDR Central Manager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions ant\u00e9rieures \u00e0 9.1.6",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDR Central Manager version 5.1.0",
      "product": {
        "name": "FortiEDR Central Manager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 6.0.11",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDR Central Manager versions 5.0.x ant\u00e9rieures \u00e0 5.0.3 Patch 7",
      "product": {
        "name": "FortiEDR Central Manager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 6.4.3",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions 6.4.x ant\u00e9rieures \u00e0 6.4.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 3.3.3",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 6.x ant\u00e9rieures \u00e0 6.4.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions ant\u00e9rieures \u00e0 6.0.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 2.0.9",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions 4.0.x ant\u00e9rieures \u00e0 4.0.2",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiGate versions ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-42755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42755"
    },
    {
      "name": "CVE-2021-44170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44170"
    },
    {
      "name": "CVE-2021-43072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43072"
    },
    {
      "name": "CVE-2022-26117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26117"
    },
    {
      "name": "CVE-2022-30302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30302"
    },
    {
      "name": "CVE-2022-29057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29057"
    },
    {
      "name": "CVE-2022-26118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26118"
    },
    {
      "name": "CVE-2022-27483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27483"
    },
    {
      "name": "CVE-2021-41031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41031"
    },
    {
      "name": "CVE-2022-26120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26120"
    },
    {
      "name": "CVE-2022-23438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23438"
    }
  ],
  "initial_release_date": "2022-07-06T00:00:00",
  "last_revision_date": "2022-07-06T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-613",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-07-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-155 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-155"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-051 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-051"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-057 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-057"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-056 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-056"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-213 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-213"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-190 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-190"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-179 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-179"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-058 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-058"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-049 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-049"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-077 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-077"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-206 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-206"
    }
  ]
}

CVE-2021-41031 (GCVE-0-2021-41031)

Vulnerability from cvelistv5

Published

2022-07-18 16:40

Modified

2024-10-25 13:31

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Escalation of privilege

Summary

A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior and 6.2.9 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service.

References

URL

Tags

https://fortiguard.com/advisory/FG-IR-21-190

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Fortinet	Fortinet FortiClientWindows	Version: FortiClientWindows 7.0.2, 7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:59:31.141Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-21-190"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-41031",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:12:29.829418Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:31:02.324Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiClientWindows",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiClientWindows 7.0.2, 7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior and 6.2.9 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-18T16:40:12",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-21-190"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2021-41031",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiClientWindows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiClientWindows 7.0.2, 7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior and 6.2.9 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Escalation of privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-21-190",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-21-190"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-41031",
    "datePublished": "2022-07-18T16:40:12",
    "dateReserved": "2021-09-13T00:00:00",
    "dateUpdated": "2024-10-25T13:31:02.324Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-44170 (GCVE-0-2021-44170)

Vulnerability from cvelistv5

Published

2022-07-18 16:35

Modified

2024-10-25 13:31

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

CWE

Execute unauthorized code or commands

Summary

A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-21-179

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Fortinet	Fortinet FortiProxy, FortiOS	Version: FortiOS before 7.0.4; FortiProxy before 2.0.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:17:24.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-21-179"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-44170",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:12:34.314692Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:31:34.279Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiProxy, FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiOS before 7.0.4; FortiProxy before 2.0.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-18T16:35:11",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-21-179"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2021-44170",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiProxy, FortiOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiOS before 7.0.4; FortiProxy before 2.0.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "availabilityImpact": "High",
            "baseScore": 6.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-21-179",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-21-179"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-44170",
    "datePublished": "2022-07-18T16:35:11",
    "dateReserved": "2021-11-23T00:00:00",
    "dateUpdated": "2024-10-25T13:31:34.279Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-29057 (GCVE-0-2022-29057)

Vulnerability from cvelistv5

Published

2022-07-18 16:41

Modified

2024-10-22 20:55

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:U/RC:C

CWE

Execute unauthorized code or commands

Summary

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload into the Management Console via various endpoints.

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-22-077

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Fortinet	Fortinet FortiEDR	Version: FortiEDR 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:10:59.274Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-22-077"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-29057",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:19:19.544160Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:55:20.971Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiEDR",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiEDR 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload into the Management Console via various endpoints."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.1,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-19T13:50:09",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-22-077"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2022-29057",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiEDR",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiEDR 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload into the Management Console via various endpoints."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "availabilityImpact": "None",
            "baseScore": 5.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "userInteraction": "Required",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-22-077",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-22-077"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-29057",
    "datePublished": "2022-07-18T16:41:12",
    "dateReserved": "2022-04-11T00:00:00",
    "dateUpdated": "2024-10-22T20:55:20.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-26118 (GCVE-0-2022-26118)

Vulnerability from cvelistv5

Published

2022-07-18 16:40

Modified

2024-10-25 13:30

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C

CWE

Escalation of privilege

Summary

A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system.

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-21-056

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Fortinet	Fortinet FortiManager , FortiAnalyzer	Version: FortiManager 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3; FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:37.796Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-21-056"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-26118",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:12:26.918921Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:30:41.578Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager , FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3; FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "FUNCTIONAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-18T16:40:52",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-21-056"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2022-26118",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager , FortiAnalyzer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3; FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Escalation of privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-21-056",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-21-056"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-26118",
    "datePublished": "2022-07-18T16:40:52",
    "dateReserved": "2022-02-25T00:00:00",
    "dateUpdated": "2024-10-25T13:30:41.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-43072 (GCVE-0-2021-43072)

Vulnerability from cvelistv5

Published

2023-07-18 00:01

Modified

2024-09-17 14:05

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RC:C

CWE

CWE-120 - Execute unauthorized code or commands

Summary

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol.

References

URL

Tags

https://fortiguard.com/advisory/FG-IR-21-206

Impacted products

Vendor

Product

Version

Fortinet

FortiAnalyzer

Version: 7.0.0   ≤ 7.0.2
Version: 6.4.0   ≤ 6.4.7
Version: 6.2.0   ≤ 6.2.12
Version: 6.0.0   ≤ 6.0.12
Version: 5.6.0   ≤ 5.6.11
    cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.0:*:*:*:*:*:*:*

Fortinet

FortiManager

Version: 7.0.0   ≤ 7.0.2
Version: 6.4.0   ≤ 6.4.7
Version: 6.2.0   ≤ 6.2.12
Version: 6.0.0   ≤ 6.0.12
Version: 5.6.0   ≤ 5.6.11
    cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.0:*:*:*:*:*:*:*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-43072",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-16T18:40:02.770628Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-16T18:40:17.373Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:47:13.197Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/advisory/FG-IR-21-206",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-21-206"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.2",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.7",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.6.11",
              "status": "affected",
              "version": "5.6.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.2",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.7",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.6.11",
              "status": "affected",
              "version": "5.6.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer copy without checking size of input (\u0027classic buffer overflow\u0027) in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T14:05:39.988Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/advisory/FG-IR-21-206",
          "url": "https://fortiguard.com/advisory/FG-IR-21-206"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiAnalyzer version 7.0.3 or above \nPlease upgrade to FortiAnalyzer version 6.4.8 or above \nPlease upgrade to FortiManager version 7.0.3 or above \nPlease upgrade to FortiManager version 6.4.8 or above \nPlease upgrade to FortiOS version 7.2.0 or above \nPlease upgrade to FortiOS version 7.0.6 or above \nPlease upgrade to FortiProxy version 7.0.4 or above \nPlease upgrade to FortiProxy version 2.0.9 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-43072",
    "datePublished": "2023-07-18T00:01:04.306Z",
    "dateReserved": "2021-10-28T21:06:26.047Z",
    "dateUpdated": "2024-09-17T14:05:39.988Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-26117 (GCVE-0-2022-26117)

Vulnerability from cvelistv5

Published

2022-07-18 00:00

Modified

2024-10-25 13:31

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RC:R

CWE

Execute unauthorized code or commands

Summary

An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI.

References

URL

Tags

	https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47
	https://fortiguard.com/psirt/FG-IR-22-058

Impacted products

	Vendor	Product	Version
	Fortinet	Fortinet FortiNAC	Version: FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:37.812Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-22-058"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-26117",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:12:35.607605Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:31:44.796Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiNAC",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "REASONABLE",
            "scope": "UNCHANGED",
            "temporalScore": 8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-r259-5p5p-2q47"
        },
        {
          "url": "https://fortiguard.com/psirt/FG-IR-22-058"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-26117",
    "datePublished": "2022-07-18T00:00:00",
    "dateReserved": "2022-02-25T00:00:00",
    "dateUpdated": "2024-10-25T13:31:44.796Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-42755 (GCVE-0-2021-42755)

Vulnerability from cvelistv5

Published

2022-07-18 16:35

Modified

2024-08-04 03:38

Severity ?

4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:U/RC:C

CWE

Denial of service

Summary

An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service.

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-21-155

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Fortinet	Fortinet FortiSwitch, FortiRecorder, FortiVoiceEnterprise, FortiOS, FortiProxy	Version: FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:38:50.211Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-21-155"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiSwitch, FortiRecorder, FortiVoiceEnterprise, FortiOS, FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10\u00a0and below; FortiOS 7.0.2 and below, 6.4.8\u00a0and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10\u00a0and below"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "FUNCTIONAL",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-18T16:35:20",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-21-155"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2021-42755",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiSwitch, FortiRecorder, FortiVoiceEnterprise, FortiOS, FortiProxy",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10\u00a0and below; FortiOS 7.0.2 and below, 6.4.8\u00a0and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10\u00a0and below"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Adjacent",
            "availabilityImpact": "Low",
            "baseScore": 4.2,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:U/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-21-155",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-21-155"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-42755",
    "datePublished": "2022-07-18T16:35:20",
    "dateReserved": "2021-10-20T00:00:00",
    "dateUpdated": "2024-08-04T03:38:50.211Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-27483 (GCVE-0-2022-27483)

Vulnerability from cvelistv5

Published

2022-07-18 16:40

Modified

2024-10-25 13:30

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

CWE

Execute unauthorized code or commands

Summary

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as `root` user via `diagnose system` CLI commands.

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-22-049

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Fortinet	Fortinet FortiManager, FortiAnalyzer	Version: FortiManager 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0; FortiAnalyzer 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:32:57.798Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-22-049"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-27483",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:12:28.395045Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:30:52.271Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager, FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0; FortiAnalyzer 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as `root` user via `diagnose system` CLI commands."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.8,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-18T16:40:20",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-22-049"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2022-27483",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager, FortiAnalyzer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0; FortiAnalyzer 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as `root` user via `diagnose system` CLI commands."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "availabilityImpact": "High",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-22-049",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-22-049"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-27483",
    "datePublished": "2022-07-18T16:40:20",
    "dateReserved": "2022-03-21T00:00:00",
    "dateUpdated": "2024-10-25T13:30:52.271Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-30302 (GCVE-0-2022-30302)

Vulnerability from cvelistv5

Published

2022-07-18 16:40

Modified

2024-10-22 20:55

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:U/RC:C

CWE

Information disclosure

Summary

Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests.

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-21-213

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Fortinet	Fortinet FortiDeceptor	Version: FortiDeceptor 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:48:35.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-21-213"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-30302",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:19:23.572081Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:55:58.209Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiDeceptor",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiDeceptor 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "FUNCTIONAL",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.4,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-19T13:45:20",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-21-213"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2022-30302",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiDeceptor",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiDeceptor 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "availabilityImpact": "None",
            "baseScore": 6.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:U/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-21-213",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-21-213"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-30302",
    "datePublished": "2022-07-18T16:40:27",
    "dateReserved": "2022-05-06T00:00:00",
    "dateUpdated": "2024-10-22T20:55:58.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-26120 (GCVE-0-2022-26120)

Vulnerability from cvelistv5

Published

2022-07-18 16:41

Modified

2024-10-22 20:55

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C

CWE

Execute unauthorized code or commands

Summary

Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-22-051

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Fortinet	Fortinet FortiADC	Version: FortiADC 7.0.0 through 7.0.1, 5.0.0 through 6.2.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:37.633Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-22-051"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-26120",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:19:20.829112Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:55:39.681Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiADC",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiADC  7.0.0 through 7.0.1, 5.0.0 through 6.2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple improper neutralization of special elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.1,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-18T16:41:00",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-22-051"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2022-26120",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiADC",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiADC  7.0.0 through 7.0.1, 5.0.0 through 6.2.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple improper neutralization of special elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "availabilityImpact": "None",
            "baseScore": 5.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-22-051",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-22-051"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-26120",
    "datePublished": "2022-07-18T16:41:00",
    "dateReserved": "2022-02-25T00:00:00",
    "dateUpdated": "2024-10-22T20:55:39.681Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-23438 (GCVE-0-2022-23438)

Vulnerability from cvelistv5

Published

2022-07-18 16:40

Modified

2024-10-22 20:55

Severity ?

4.7 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:W/RC:U

CWE

Execute unauthorized code or commands

Summary

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page.

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-21-057

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Fortinet	Fortinet FortiOS	Version: FortiOS 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:43:45.631Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-21-057"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-23438",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:19:22.182347Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:55:49.551Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiOS 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of input during web page generation (\u0027Cross-site Scripting\u0027) [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "remediationLevel": "WORKAROUND",
            "reportConfidence": "UNKNOWN",
            "scope": "CHANGED",
            "temporalScore": 3.9,
            "temporalSeverity": "LOW",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:W/RC:U",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-18T16:40:43",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-21-057"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2022-23438",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiOS 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper neutralization of input during web page generation (\u0027Cross-site Scripting\u0027) [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "High",
            "attackVector": "Network",
            "availabilityImpact": "None",
            "baseScore": 3.9,
            "baseSeverity": "Low",
            "confidentialityImpact": "Low",
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "userInteraction": "Required",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:W/RC:U",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-21-057",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-21-057"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-23438",
    "datePublished": "2022-07-18T16:40:44",
    "dateReserved": "2022-01-19T00:00:00",
    "dateUpdated": "2024-10-22T20:55:49.551Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTFR-2022-AVI-613

Vulnerability from certfr_avis

Solution

CVE-2021-41031 (GCVE-0-2021-41031)

Vulnerability from cvelistv5

CVE-2021-44170 (GCVE-0-2021-44170)

Vulnerability from cvelistv5

CVE-2022-29057 (GCVE-0-2022-29057)

Vulnerability from cvelistv5

CVE-2022-26118 (GCVE-0-2022-26118)

Vulnerability from cvelistv5

CVE-2021-43072 (GCVE-0-2021-43072)

Vulnerability from cvelistv5

CVE-2022-26117 (GCVE-0-2022-26117)

Vulnerability from cvelistv5

CVE-2021-42755 (GCVE-0-2021-42755)

Vulnerability from cvelistv5

CVE-2022-27483 (GCVE-0-2022-27483)

Vulnerability from cvelistv5

CVE-2022-30302 (GCVE-0-2022-30302)

Vulnerability from cvelistv5

CVE-2022-26120 (GCVE-0-2022-26120)

Vulnerability from cvelistv5

CVE-2022-23438 (GCVE-0-2022-23438)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature