CVE-2022-35843

An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://fortiguard.com/psirt/FG-IR-22-255	Patch Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:fortiproxy::::::::
	cpe:2.3:o:fortinet:fortios:7.2.0:::::::*
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:a:fortinet:fortiproxy::::::::
	cpe:2.3:a:fortinet:fortiproxy::::::::
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios:7.2.1:::::::*

Information

Published : 2022-12-06 09:15

Updated : 2022-12-08 08:19

NVD link : CVE-2022-35843

Mitre link : CVE-2022-35843

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

fortinet

fortios
fortiproxy

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://fortiguard.com/psirt/FG-IR-22-255", "name": "https://fortiguard.com/psirt/FG-IR-22-255", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-35843", "ASSIGNER": "psirt@fortinet.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2022-12-06T17:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.2.13", "versionStartIncluding": "1.2.0"}, {"cpe23Uri": "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.4.9", "versionStartIncluding": "6.4.0"}, {"cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.0.15", "versionStartIncluding": "6.0.0"}, {"cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.0.7", "versionStartIncluding": "7.0.0"}, {"cpe23Uri": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.0.10", "versionStartIncluding": "2.0.0"}, {"cpe23Uri": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.0.6", "versionStartIncluding": "7.0.0"}, {"cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.2.12", "versionStartIncluding": "6.2.0"}, {"cpe23Uri": "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-12-08T16:19Z"}