CVE-2022-22300: Improper Handling of Exceptional Conditions in Fortinet FortiAnalyzer

Severity
8.8 HIGH (NVD)
4.3 (CNA)
EPSS
0.1%
top 65.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 1
Latest update: Mar 2

Description

An improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7.0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

NVD | fortinet/fortimanager | 7.0.0 | 7.0.3 | +4
NVD | fortinet/fortianalyzer | 7.0.0 | 7.0.3 | +4

Vulnerability Details (2)

GHSA
GHSA-69m8-6m2p-9wrw: An improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5 | 2022-03-02
CVEList
CVE-2022-22300: An improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5 | 2022-03-01

Vendor Advisories (1)

Fortinet
An improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, Fo... | 2022-03-01