CVE-2022-22300

CVE Database · CVE-2022-22300

CVE-2022-22300

· MEDIUMModified

CVSS v3.1

4.3

EPSS

0.88%

Published

Mar 1, 2022

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Weaknesses (CWE)

CWE-755

Affected Products (10)

fortinet · fortianalyzervulnerable

fortinet · fortianalyzer (up to 7.0.3)vulnerable

fortinet · fortimanagervulnerable

fortinet · fortimanager (up to 7.0.3)

References (2)

https://fortiguard.com/psirt/FG-IR-21-255

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-21-255

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs