CVE-2022-35843 — Improper Access Control in Fortinet Fortios

CWE-284 — Improper Access Control CWE-287 — Improper Authentication4 documents4 sources

Severity

9.8CRITICALNVD

CNA8.1

EPSS

0.5%

top 33.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortiproxy

Timeline

PublishedDec 6

Description

An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5fortinet/fortios6.2.0 — 6.2.*+6

▶NVDfortinet/fortios6.0.0 — 6.0.15+5

▶CVEListV5fortinet/fortiproxy7.0.0 — 7.0.5+2

▶NVDfortinet/fortiproxy1.2.0 — 1.2.13+2

Patches

Patch: fortiguard.com ↗Patch: fortiguard.com ↗

🔴Vulnerability Details

GHSA

GHSA-h7pw-vp92-fggq: An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7↗2022-12-06

▶

CVEList

CVE-2022-35843: An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7↗2022-12-06

▶

📋Vendor Advisories

Fortinet

SSH authentication bypass when RADIUS authentication is used↗2022-12-06

▶