8.8
CVE-2022-22300
- EPSS 0.14%
- Veröffentlicht 01.03.2022 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:46:35
- Quelle psirt@fortinet.com
- CVE-Watchlists
- Unerledigt
LoginA improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ Fortianalyzer Version >= 5.6.0 <= 5.6.11
Fortinet ≫ Fortianalyzer Version >= 6.0.0 <= 6.0.11
Fortinet ≫ Fortianalyzer Version >= 6.2.0 <= 6.2.9
Fortinet ≫ Fortianalyzer Version >= 6.4.0 <= 6.4.7
Fortinet ≫ Fortianalyzer Version >= 7.0.0 < 7.0.3
Fortinet ≫ Fortimanager Version >= 5.6.0 <= 5.6.11
Fortinet ≫ Fortimanager Version >= 6.0.0 <= 6.0.11
Fortinet ≫ Fortimanager Version >= 6.2.0 <= 6.2.9
Fortinet ≫ Fortimanager Version >= 6.4.0 <= 6.4.7
Fortinet ≫ Fortimanager Version >= 7.0.0 < 7.0.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.352 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| psirt@fortinet.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-755 Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.