CVE-2022-27484
Published 2022-08-03
Medium, 4.3 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
An unverified password change in Fortinet FortiADC versions 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortiadc | — | — |
| fortinet | fortiadc | >= 5.0.0 < 6.2.4 | 6.2.4 |
| fortinet | fortinet | — | — |
| fortinet | fortinet_fortiadc | — | — |