CVE-2022-26121: Resource Exposure in Fortinet FortiAnalyzer

CWE-668: Resource Exposure | 4 documents | 4 sources
Severity: 5.3 MEDIUM (NVD) | 3.7 (CNA)
EPSS: 0.2% (top 60.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 10

Description

An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages: 2 packages

Vulnerability Details (2)

GHSA
GHSA-w3qf-ph3j-w487: An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7... (2022-10-10)
CVEList
CVE-2022-26121: An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7... (2022-10-10)

Vendor Advisories (1)

Fortinet
An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0... (2022-10-10)