CVE-2022-22305 - OpenCVE

An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Fortinet	Fortios Fortisandbox Fortianalyzer Fortimanager

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortianalyzer::::::::
	cpe:2.3:a:fortinet:fortianalyzer::::::::
	cpe:2.3:a:fortinet:fortianalyzer:7.0.0:::::::*
	cpe:2.3:a:fortinet:fortianalyzer:7.0.1:::::::*
	cpe:2.3:a:fortinet:fortianalyzer:7.0.2:::::::*
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortimanager:7.0.0:::::::*
	cpe:2.3:a:fortinet:fortimanager:7.0.1:::::::*
	cpe:2.3:a:fortinet:fortisandbox::::::::
	cpe:2.3:a:fortinet:fortisandbox::::::::
	cpe:2.3:a:fortinet:fortisandbox::::::::
	cpe:2.3:a:fortinet:fortisandbox:3.0.1:::::::*
	cpe:2.3:a:fortinet:fortisandbox:4.0.0:::::::*
	cpe:2.3:a:fortinet:fortisandbox:4.0.1:::::::*
	cpe:2.3:a:fortinet:fortisandbox:4.0.2:::::::*
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::

References

Link	Resource
https://fortiguard.com/psirt/FG-IR-18-292	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: fortinet

Published: 2023-09-01T11:43:03.878Z

Updated: 2023-09-01T11:43:03.878Z

Reserved: 2022-01-03T09:39:36.530Z

Link: CVE-2022-22305

JSON object: View

NVD Information

Status : Modified

Published: 2023-09-01T12:15:08.363

Modified: 2023-11-07T03:43:51.810

Link: CVE-2022-22305

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-22305", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2022-01-03T09:39:36.530Z", "datePublished": "2023-09-01T11:43:03.878Z", "dateUpdated": "2023-09-01T11:43:03.878Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiAnalyzer", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.2", "status": "affected"}, {"versionType": "semver", "version": "6.4.0", "lessThanOrEqual": "6.4.7", "status": "affected"}, {"versionType": "semver", "version": "6.2.0", "lessThanOrEqual": "6.2.11", "status": "affected"}, {"versionType": "semver", "version": "6.0.0", "lessThanOrEqual": "6.0.12", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiSandbox", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "4.0.0", "lessThanOrEqual": "4.0.2", "status": "affected"}, {"versionType": "semver", "version": "3.2.0", "lessThanOrEqual": "3.2.4", "status": "affected"}, {"versionType": "semver", "version": "3.1.0", "lessThanOrEqual": "3.1.5", "status": "affected"}, {"versionType": "semver", "version": "3.0.0", "lessThanOrEqual": "3.0.7", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiManager", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.1", "status": "affected"}, {"versionType": "semver", "version": "6.4.0", "lessThanOrEqual": "6.4.6", "status": "affected"}, {"versionType": "semver", "version": "6.2.0", "lessThanOrEqual": "6.2.11", "status": "affected"}, {"versionType": "semver", "version": "6.0.0", "lessThanOrEqual": "6.0.12", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An improper certificate validation vulnerability [CWE-295] in\u00a0FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to\u00a0man-in-the-middle the communication between the listed products and some external peers."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-09-01T11:43:03.878Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-297", "description": "Information disclosure", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiManager\u00a0version 7.0.2\u00a0or above.\r\nPlease upgrade to FortiManager\u00a0version 6.4.7\u00a0or above.\n\r\nPlease upgrade to FortiAnalyzer version 7.0.3\u00a0or above.\r\nPlease upgrade to\u00a0FortiAnalyzer version 6.4.8\u00a0or above.\n\r\nPlease upgrade to FortiSandbox version 4.2.0 or above\u00a0\n\r\n\u00a0"}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-18-292", "url": "https://fortiguard.com/psirt/FG-IR-18-292"}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "matchCriteriaId": "2318A6AC-AA3E-4604-968C-35A46E79FCB8", "versionEndIncluding": "6.0.12", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "matchCriteriaId": "82AA3275-8A1D-43DA-880B-1EFFBD96C29D", "versionEndIncluding": "6.4.7", "versionStartIncluding": "6.2.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7DC87E0-0C9F-4E65-B96E-7E91F71764AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "80518C1A-60DB-4CC3-92ED-0C0BDCF2F1C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F8619721-489F-4BE7-BBAC-7D07FB64A8EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DFFD873-3F9B-41D8-92E6-09F84712BCE1", "versionEndIncluding": "6.0.12", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "67777F42-09E1-4651-807C-325A5F0D8A66", "versionEndIncluding": "6.2.11", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4EB03A2-7143-407C-B622-03E6AFAF6A78", "versionEndIncluding": "6.4.6", "versionStartIncluding": "6.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A4E6379-A79E-4135-BAF1-D53E8F56798B", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9CF421D9-54D7-47FB-AB11-A556BDB4A372", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D1EE4D7-4087-4A4A-9171-F48B1C5915C0", "versionEndIncluding": "3.0.7", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C47A3DB-A02A-488D-B0E1-867A19CE43B8", "versionEndIncluding": "3.1.5", "versionStartIncluding": "3.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "16BB4915-1330-45E5-887E-AD97C29F500B", "versionEndIncluding": "3.2.4", "versionStartIncluding": "3.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "527BEC13-9EC9-44AB-9F02-C948BDC96558", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0260B512-77CA-4FE8-A039-D7B287A19BAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7D6CCD1A-3412-4A55-88A8-40B227FB00BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "51A80522-EBFC-4C3E-BF38-01453CC359F7", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "1728ED99-9A01-4819-B382-EDEF00F97B9D", "versionEndIncluding": "5.6.14", "versionStartIncluding": "5.6.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "0135464C-532C-430D-A76C-2FCDE4C991D1", "versionEndIncluding": "6.0.17", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "7916D6BB-838E-40A0-9C7F-FBE9ECBA0D99", "versionEndIncluding": "6.2.15", "versionStartIncluding": "6.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An improper certificate validation vulnerability [CWE-295] in\u00a0FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to\u00a0man-in-the-middle the communication between the listed products and some external peers."}, {"lang": "es", "value": "Una vulnerabilidad de validaci\u00f3n de certificado incorrecta [CWE-295] en FortiManager v7.0.1 y versiones inferiores, v6.4.6 y versiones inferiores; FortiAnalyzer v7.0.2 y versiones inferiores, v6.4.7 y versiones inferiores; FortiOS v6.2.x y v6.0.x; FortiSandbox v4.0.x, 3.2.x y 3.1.x puede permitir a un atacante adyacente a la red y no autenticado interceder en la comunicaci\u00f3n mediante la t\u00e9cnica de man-in-the-middle entre los productos enumerados y algunos peers externos. "}], "id": "CVE-2022-22305", "lastModified": "2023-11-07T03:43:51.810", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2023-09-01T12:15:08.363", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-18-292"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-297"}], "source": "psirt@fortinet.com", "type": "Secondary"}]}