8.8
CVE-2022-22300
- EPSS 0.14%
- Published 01.03.2022 19:15:08
- Last modified 21.11.2024 06:46:35
- Source psirt@fortinet.com
- Teams watchlist Login
- Open Login
A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user.
Data is provided by the National Vulnerability Database (NVD)
Fortinet ≫ Fortianalyzer Version >= 5.6.0 <= 5.6.11
Fortinet ≫ Fortianalyzer Version >= 6.0.0 <= 6.0.11
Fortinet ≫ Fortianalyzer Version >= 6.2.0 <= 6.2.9
Fortinet ≫ Fortianalyzer Version >= 6.4.0 <= 6.4.7
Fortinet ≫ Fortianalyzer Version >= 7.0.0 < 7.0.3
Fortinet ≫ Fortimanager Version >= 5.6.0 <= 5.6.11
Fortinet ≫ Fortimanager Version >= 6.0.0 <= 6.0.11
Fortinet ≫ Fortimanager Version >= 6.2.0 <= 6.2.9
Fortinet ≫ Fortimanager Version >= 6.4.0 <= 6.4.7
Fortinet ≫ Fortimanager Version >= 7.0.0 < 7.0.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.352 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| psirt@fortinet.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-755 Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.