CVE-2022-42475 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
fortinet	CNA	9.3 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Vendor	Product	Version
fortinet	fortios	5.0.0 ≤ 𝑥 ≤ 5.0.14
fortinet	fortios	5.2.0 ≤ 𝑥 ≤ 5.2.15
fortinet	fortios	5.4.0 ≤ 𝑥 ≤ 5.4.13
fortinet	fortios	5.6.0 ≤ 𝑥 ≤ 5.6.14
fortinet	fortios	6.0.0 ≤ 𝑥 < 6.0.16
fortinet	fortios	6.2.0 ≤ 𝑥 < 6.2.12
fortinet	fortios	6.4.0 ≤ 𝑥 < 6.4.11
fortinet	fortios	7.0.0 ≤ 𝑥 < 7.0.9
fortinet	fortios	7.2.0 ≤ 𝑥 < 7.2.3
fortinet	fortiproxy	1.0.0 ≤ 𝑥 ≤ 1.0.7
fortinet	fortiproxy	1.1.0 ≤ 𝑥 ≤ 1.1.6
fortinet	fortiproxy	1.2.0 ≤ 𝑥 ≤ 1.2.13
fortinet	fortiproxy	2.0.0 ≤ 𝑥 < 2.0.12
fortinet	fortiproxy	7.0.0 ≤ 𝑥 < 7.0.8
fortinet	fortiproxy	7.2.0 ≤ 𝑥 < 7.2.2
fortinet	fortios	6.0.0 ≤ 𝑥 < 6.0.15
fortinet	fortios	6.2.0 ≤ 𝑥 < 6.2.12
fortinet	fortios	6.4.0 ≤ 𝑥 < 6.4.10
fortinet	fortios	7.0.0 ≤ 𝑥 < 7.0.8

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-197 - Numeric Truncation Error
Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.
CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://fortiguard.com/psirt/FG-IR-22-398

https://fortiguard.com/psirt/FG-IR-22-398