Sign-up

ID

VAR-202212-0808


CVE

CVE-2022-35843


TITLE

fortinet's  FortiProxy  and  FortiOS  Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023337

DESCRIPTION

An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server. fortinet's FortiProxy and FortiOS There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-35843 // JVNDB: JVNDB-2022-023337 // VULHUB: VHN-432094

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiproxyscope:gteversion:2.0.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:eqversion:7.2.1

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:6.2.12

Trust: 1.0

vendor:fortinetmodel:fortiosscope:eqversion:7.2.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:6.0.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:7.0.7

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:lteversion:1.2.13

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:6.2.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:6.4.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:7.0.0

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:lteversion:2.0.10

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:gteversion:7.0.0

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:lteversion:7.0.6

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:6.4.9

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:6.0.15

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:gteversion:1.2.0

Trust: 1.0

vendor:フォーティネットmodel:fortiosscope: - version: -

Trust: 0.8

vendor:フォーティネットmodel:fortiproxyscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-023337 // NVD: CVE-2022-35843

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-35843
value: CRITICAL

Trust: 1.8

psirt@fortinet.com: CVE-2022-35843
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202212-2590
value: CRITICAL

Trust: 0.6

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com:
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-35843
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023337 // NVD: CVE-2022-35843 // NVD: CVE-2022-35843 // CNNVD: CNNVD-202212-2590

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023337 // NVD: CVE-2022-35843

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-2590

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-2590

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-35843

PATCH
title:FG-IR-22-255url:https://www.fortiguard.com/psirt/fg-ir-22-255
Trust: 0.8
title:Fortinet FortiOS Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=216881
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2022-023337 // 
            
            
            
            CNNVD: CNNVD-202212-2590

EXTERNAL IDS
db:NVDid:CVE-2022-35843
Trust: 3.3
db:JVNDBid:JVNDB-2022-023337
Trust: 0.8
db:CNNVDid:CNNVD-202212-2590
Trust: 0.6
db:VULHUBid:VHN-432094
Trust: 0.1
sources:
            
            
            VULHUB: VHN-432094 // 
            
            
            
            JVNDB: JVNDB-2022-023337 // 
            
            
            
            NVD: CVE-2022-35843 // 
            
            
            
            CNNVD: CNNVD-202212-2590

REFERENCES
url:https://fortiguard.com/psirt/fg-ir-22-255
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2022-35843
Trust: 0.8
url:https://vigilance.fr/vulnerability/fortinet-fortios-user-access-via-radius-ssh-authentication-40036
Trust: 0.6
url:https://cxsecurity.com/cveshow/cve-2022-35843/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-432094 // 
            
            
            
            JVNDB: JVNDB-2022-023337 // 
            
            
            
            NVD: CVE-2022-35843 // 
            
            
            
            CNNVD: CNNVD-202212-2590

SOURCES
db:VULHUBid:VHN-432094
db:JVNDBid:JVNDB-2022-023337
db:NVDid:CVE-2022-35843
db:CNNVDid:CNNVD-202212-2590

LAST UPDATE DATE
2023-12-18T13:41:46.043000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-432094date:2022-12-08T00:00:00
db:JVNDBid:JVNDB-2022-023337date:2023-11-28T06:20:00
db:NVDid:CVE-2022-35843date:2023-11-07T03:49:25.277
db:CNNVDid:CNNVD-202212-2590date:2022-12-09T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-432094date:2022-12-06T00:00:00
db:JVNDBid:JVNDB-2022-023337date:2023-11-28T00:00:00
db:NVDid:CVE-2022-35843date:2022-12-06T17:15:10.873
db:CNNVDid:CNNVD-202212-2590date:2022-12-06T00:00:00