8.8
CVE-2022-22300
- EPSS 0.14%
- Veröffentlicht 01.03.2022 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:46:35
- Quelle psirt@fortinet.com
- Teams Watchlist Login
- Unerledigt Login
A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ Fortianalyzer Version >= 5.6.0 <= 5.6.11
Fortinet ≫ Fortianalyzer Version >= 6.0.0 <= 6.0.11
Fortinet ≫ Fortianalyzer Version >= 6.2.0 <= 6.2.9
Fortinet ≫ Fortianalyzer Version >= 6.4.0 <= 6.4.7
Fortinet ≫ Fortianalyzer Version >= 7.0.0 < 7.0.3
Fortinet ≫ Fortimanager Version >= 5.6.0 <= 5.6.11
Fortinet ≫ Fortimanager Version >= 6.0.0 <= 6.0.11
Fortinet ≫ Fortimanager Version >= 6.2.0 <= 6.2.9
Fortinet ≫ Fortimanager Version >= 6.4.0 <= 6.4.7
Fortinet ≫ Fortimanager Version >= 7.0.0 < 7.0.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.352 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| psirt@fortinet.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-755 Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.