CVE-2022-22305
01.09.2023, 12:15
An improper certificate validation vulnerability [CWE-295] inFortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker toman-in-the-middle the communication between the listed products and some external peers.Enginsight
| Vendor | Product | Version |
|---|---|---|
| fortinet | fortianalyzer | 6.0.0 ≤ 𝑥 ≤ 6.0.12 |
| fortinet | fortianalyzer | 6.2.9 ≤ 𝑥 ≤ 6.4.7 |
| fortinet | fortianalyzer | 7.0.0 |
| fortinet | fortianalyzer | 7.0.1 |
| fortinet | fortianalyzer | 7.0.2 |
| fortinet | fortimanager | 6.0.0 ≤ 𝑥 ≤ 6.0.12 |
| fortinet | fortimanager | 6.2.0 ≤ 𝑥 ≤ 6.2.11 |
| fortinet | fortimanager | 6.4.0 ≤ 𝑥 ≤ 6.4.6 |
| fortinet | fortimanager | 7.0.0 |
| fortinet | fortimanager | 7.0.1 |
| fortinet | fortisandbox | 3.0.0 ≤ 𝑥 ≤ 3.0.7 |
| fortinet | fortisandbox | 3.1.0 ≤ 𝑥 ≤ 3.1.5 |
| fortinet | fortisandbox | 3.2.0 ≤ 𝑥 ≤ 3.2.4 |
| fortinet | fortisandbox | 3.0.1 |
| fortinet | fortisandbox | 4.0.0 |
| fortinet | fortisandbox | 4.0.1 |
| fortinet | fortisandbox | 4.0.2 |
| fortinet | fortios | 5.6.10 ≤ 𝑥 ≤ 5.6.14 |
| fortinet | fortios | 6.0.0 ≤ 𝑥 ≤ 6.0.17 |
| fortinet | fortios | 6.2.0 ≤ 𝑥 ≤ 6.2.15 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-297 - Improper Validation of Certificate with Host MismatchThe software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.
- CWE-295 - Improper Certificate ValidationThe software does not validate, or incorrectly validates, a certificate.