CVE-2022-35843

EUVD-2022-38716

06.12.2022, 17:15

An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0,  7.0.0 through 7.0.7,  6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
fortinet	CNA	7.7 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 66%

Affected Products (NVD)

Vendor	Product	Version
fortinet	fortiproxy	1.2.0 ≤ 𝑥 ≤ 1.2.13
fortinet	fortiproxy	2.0.0 ≤ 𝑥 ≤ 2.0.10
fortinet	fortiproxy	7.0.0 ≤ 𝑥 ≤ 7.0.6
fortinet	fortios	6.0.0 ≤ 𝑥 ≤ 6.0.15
fortinet	fortios	6.2.0 ≤ 𝑥 ≤ 6.2.12
fortinet	fortios	6.4.0 ≤ 𝑥 ≤ 6.4.9
fortinet	fortios	7.0.0 ≤ 𝑥 ≤ 7.0.7
fortinet	fortios	7.2.0
fortinet	fortios	7.2.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

References

https://fortiguard.com/psirt/FG-IR-22-255