certfr_avis - certfr-2024-avi-0677

CERTFR-2024-AVI-0677

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.2
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.x antérieures à 7.2.2
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.4
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.4
Fortinet	FortiDDoS	FortiDDoS versions 5.7.x antérieures à 5.7.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.5
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.11
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.8
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.4
Fortinet	FortiSOAR	FortiSOAR versions 7.4.x antérieures à 7.4.1
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.11
Fortinet	FortiDDoS	FortiDDoS versions antérieures à 5.6.2
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.15
Fortinet	FortiDDoS	FortiDDoS-F versions 6.5.x antérieures à 6.5.1
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.5
Fortinet	FortiDDoS	FortiDDoS-F versions 6.x antérieures à 6.4.2
Fortinet	FortiSOAR	FortiSOAR versions antérieures à 7.3.3

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-23-088	2024-08-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-445	2024-08-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-467	2024-08-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-255	2024-08-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-047	2024-08-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-012	2024-08-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.4",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS versions 5.7.x ant\u00e9rieures \u00e0 5.7.1",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS versions ant\u00e9rieures \u00e0 5.6.2",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions 6.5.x ant\u00e9rieures \u00e0 6.5.1",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions 6.x ant\u00e9rieures \u00e0 6.4.2",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.3.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
    },
    {
      "name": "CVE-2024-21757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21757"
    },
    {
      "name": "CVE-2023-26211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26211"
    },
    {
      "name": "CVE-2024-36505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36505"
    },
    {
      "name": "CVE-2022-45862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45862"
    },
    {
      "name": "CVE-2022-27486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27486"
    }
  ],
  "initial_release_date": "2024-08-14T00:00:00",
  "last_revision_date": "2024-08-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0677",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-088",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-088"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-445",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-445"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-467",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-467"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-255",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-255"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-047",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-047"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-012",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-012"
    }
  ]
}

CVE-2024-21757 (GCVE-0-2024-21757)

Vulnerability from cvelistv5

Published

2024-08-13 15:51

Modified

2024-08-13 17:48

Severity ?

6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N/E:P/RL:O/RC:C

CWE

CWE-620 - Escalation of privilege

Summary

A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup.

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-23-467

Impacted products

Vendor

Product

Version

Fortinet

FortiManager

Version: 7.4.0   ≤ 7.4.1
Version: 7.2.0   ≤ 7.2.4
Version: 7.0.0   ≤ 7.0.10

Fortinet

FortiAnalyzer

Version: 7.4.0   ≤ 7.4.1
Version: 7.2.0   ≤ 7.2.4
Version: 7.0.0   ≤ 7.0.10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21757",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-13T17:32:07.480043Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-13T17:48:37.502Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.1",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.10",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.1",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.10",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-620",
              "description": "Escalation of privilege",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T15:51:57.495Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-467",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-467"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.4.2 or above \nPlease upgrade to FortiManager version 7.2.5 or above \nPlease upgrade to FortiManager version 7.0.11 or above \nPlease upgrade to FortiAnalyzer version 7.4.2 or above \nPlease upgrade to FortiAnalyzer version 7.2.5 or above \nPlease upgrade to FortiAnalyzer version 7.0.11 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-21757",
    "datePublished": "2024-08-13T15:51:57.495Z",
    "dateReserved": "2024-01-02T10:15:00.526Z",
    "dateUpdated": "2024-08-13T17:48:37.502Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36505 (GCVE-0-2024-36505)

Vulnerability from cvelistv5

Published

2024-08-13 15:51

Modified

2024-08-15 14:16

Severity ?

5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RC:R

CWE

CWE-284 - Improper access control

Summary

An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system.

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-24-012

Impacted products

	Vendor	Product	Version
	Fortinet	FortiOS	Version: 7.4.0 ≤ 7.4.3 Version: 7.2.5 ≤ 7.2.7 Version: 7.0.12 ≤ 7.0.14 Version: 6.4.13 ≤ 6.4.15

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36505",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-15T14:16:37.203552Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T14:16:57.399Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.3",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.7",
              "status": "affected",
              "version": "7.2.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.14",
              "status": "affected",
              "version": "7.0.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.13",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T15:51:56.981Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-012",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-012"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiOS version 7.4.4 or above \nPlease upgrade to FortiOS version 7.2.8 or above \nPlease upgrade to FortiOS version 7.0.15 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-36505",
    "datePublished": "2024-08-13T15:51:56.981Z",
    "dateReserved": "2024-05-29T08:44:50.759Z",
    "dateUpdated": "2024-08-15T14:16:57.399Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3596 (GCVE-0-2024-3596)

Vulnerability from cvelistv5

Published

2024-07-09 12:02

Modified

2025-09-04 21:05

Severity ?

9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

Summary

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

References

URL

Tags

	https://datatracker.ietf.org/doc/html/rfc2865
	https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
	https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
	https://www.blastradius.fail/
	http://www.openwall.com/lists/oss-security/2024/07/09/4
	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
	https://cert-portal.siemens.com/productcert/html/ssa-794185.html	vendor-advisory
	https://cert-portal.siemens.com/productcert/html/ssa-723487.html	vendor-advisory

Impacted products

	Vendor	Product	Version
	IETF	RFC	Version: 2865

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ietf:rfc:2865:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "rfc",
            "vendor": "ietf",
            "versions": [
              {
                "status": "affected",
                "version": "2865"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-3596",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T03:55:37.141738Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-04T21:05:25.373Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-29T14:32:14.851Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20240822-0001/"
          },
          {
            "url": "https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://datatracker.ietf.org/doc/html/rfc2865"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.blastradius.fail/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/07/09/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RFC",
          "vendor": "IETF",
          "versions": [
            {
              "status": "affected",
              "version": "2865"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks to Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl who researched and reported this vulnerability"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-328: Use of Weak Hash",
              "lang": "en"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-03T17:29:16.788Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://datatracker.ietf.org/doc/html/rfc2865"
        },
        {
          "url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
        },
        {
          "url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
        },
        {
          "url": "https://www.blastradius.fail/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/07/09/4"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"
        },
        {
          "name": "Siemens Security Advisory by Siemens ProductCERT for  SIPROTEC, SICAM and related product",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-794185.html"
        },
        {
          "name": "Siemens Security Advisory by Siemens ProductCERT to SCALANCE, RUGGEDCOM and related products.",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-723487.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.",
      "x_generator": {
        "engine": "VINCE 3.0.4",
        "env": "prod",
        "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3596"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2024-3596",
    "datePublished": "2024-07-09T12:02:53.001Z",
    "dateReserved": "2024-04-10T15:09:45.391Z",
    "dateUpdated": "2025-09-04T21:05:25.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-27486 (GCVE-0-2022-27486)

Vulnerability from cvelistv5

Published

2024-08-13 15:51

Modified

2024-08-14 14:41

Severity ?

6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C

CWE

CWE-78 - Improper access control

Summary

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 allows an authenticated attacker to execute shell code as `root` via `execute` CLI commands.

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-22-047

Impacted products

Vendor

Product

Version

Fortinet

FortiDDoS

Version: 5.7.0
Version: 5.5.0   ≤ 5.5.1
Version: 5.4.0   ≤ 5.4.2
Version: 5.3.0   ≤ 5.3.2
Version: 5.2.0
Version: 5.1.0
Version: 5.0.0
Version: 4.7.0
Version: 4.6.0
Version: 4.5.0

Fortinet

FortiDDoS-F

Version: 6.5.0
Version: 6.4.0   ≤ 6.4.1
Version: 6.3.0   ≤ 6.3.4
Version: 6.2.0   ≤ 6.2.2
Version: 6.1.0   ≤ 6.1.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-27486",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T14:40:48.122036Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T14:41:14.087Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiDDoS",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "5.7.0"
            },
            {
              "lessThanOrEqual": "5.5.1",
              "status": "affected",
              "version": "5.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.2",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.2",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "5.2.0"
            },
            {
              "status": "affected",
              "version": "5.1.0"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            },
            {
              "status": "affected",
              "version": "4.7.0"
            },
            {
              "status": "affected",
              "version": "4.6.0"
            },
            {
              "status": "affected",
              "version": "4.5.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiDDoS-F",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.0"
            },
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.4",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.2",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.5",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 allows an authenticated attacker to execute shell code as `root`\u00a0via `execute` CLI commands."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T15:51:57.242Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-22-047",
          "url": "https://fortiguard.com/psirt/FG-IR-22-047"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiDDoS version 5.7.1 or above \nPlease upgrade to FortiDDoS version 5.6.2 or above \nPlease upgrade to FortiDDoS version 5.5.2 or above \nPlease upgrade to FortiDDoS version 5.4.3 or above \nPlease upgrade to FortiDDoS-F version 6.5.1 or above \nPlease upgrade to FortiDDoS-F version 6.4.2 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-27486",
    "datePublished": "2024-08-13T15:51:57.242Z",
    "dateReserved": "2022-03-21T16:03:48.575Z",
    "dateUpdated": "2024-08-14T14:41:14.087Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-26211 (GCVE-0-2023-26211)

Vulnerability from cvelistv5

Published

2024-08-13 15:51

Modified

2024-08-13 16:00

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P

CWE

CWE-79 - Execute unauthorized code or commands

Summary

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-23-088

Impacted products

	Vendor	Product	Version
	Fortinet	FortiSOAR	Version: 7.3.0 ≤ 7.3.2 Version: 7.2.0 ≤ 7.2.2 Version: 7.0.0 ≤ 7.0.3 Version: 6.4.3 ≤ 6.4.4 Version: 6.4.0 ≤ 6.4.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-26211",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-13T15:59:48.473867Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-13T16:00:04.582Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.3.2",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.4",
              "status": "affected",
              "version": "6.4.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T15:51:56.864Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-088",
          "url": "https://fortiguard.com/psirt/FG-IR-23-088"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiSOAR version 7.5.0 or above \nPlease upgrade to FortiSOAR version 7.4.1 or above \nPlease upgrade to FortiSOAR version 7.3.3 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-26211",
    "datePublished": "2024-08-13T15:51:56.864Z",
    "dateReserved": "2023-02-20T15:09:20.637Z",
    "dateUpdated": "2024-08-13T16:00:04.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45862 (GCVE-0-2022-45862)

Vulnerability from cvelistv5

Published

2024-08-13 15:51

Modified

2024-08-13 17:32

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RC:C

CWE

CWE-613 - Improper access control

Summary

An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials.

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-22-445

Impacted products

Vendor

Product

Version

Fortinet

FortiPAM

Version: 1.3.0
Version: 1.2.0
Version: 1.1.0 ≤ 1.1.2
Version: 1.0.0 ≤ 1.0.3

Fortinet	FortiProxy	Version: 7.2.0 ≤ 7.2.11 Version: 7.0.0 ≤ 7.0.18
Fortinet	FortiOS	Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.7 Version: 6.4.0 ≤ 6.4.11
Fortinet	FortiSwitchManager	Version: 7.2.0 ≤ 7.2.1 Version: 7.0.0 ≤ 7.0.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-45862",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-13T17:32:08.496052Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-13T17:32:25.867Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiPAM",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "1.3.0"
            },
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "lessThanOrEqual": "1.1.2",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.3",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.11",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.18",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.7",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.11",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiSwitchManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.1",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.2",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T15:51:57.147Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-22-445",
          "url": "https://fortiguard.com/psirt/FG-IR-22-445"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiOS version 7.4.0 or above \nPlease upgrade to FortiOS version 7.2.6 or above \nPlease upgrade to FortiPAM version 1.4.0 or above \nPlease upgrade to FortiProxy version 7.4.0 or above \nPlease upgrade to FortiSwitchManager version 7.2.2 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-45862",
    "datePublished": "2024-08-13T15:51:57.147Z",
    "dateReserved": "2022-11-23T14:57:05.613Z",
    "dateUpdated": "2024-08-13T17:32:25.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTFR-2024-AVI-0677

Vulnerability from certfr_avis

Solutions

CVE-2024-21757 (GCVE-0-2024-21757)

Vulnerability from cvelistv5

CVE-2024-36505 (GCVE-0-2024-36505)

Vulnerability from cvelistv5

CVE-2024-3596 (GCVE-0-2024-3596)

Vulnerability from cvelistv5

CVE-2022-27486 (GCVE-0-2022-27486)

Vulnerability from cvelistv5

CVE-2023-26211 (GCVE-0-2023-26211)

Vulnerability from cvelistv5

CVE-2022-45862 (GCVE-0-2022-45862)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature