CVE-2022-35846

CWE-3074 documents4 sources
Severity
9.8CRITICAL
EPSS
0.8%
top 26.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortitesterFortinet Fortinet Fortitester
Timeline
PublishedOct 18

Description

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortitester2.3.03.9.2+2
CVEListV5fortinet/fortinet_fortitesterFortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0

🔴Vulnerability Details

2
GHSA
GHSA-7f8f-7v7x-vq93: An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 22022-10-18
CVEList
CVE-2022-35846: An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 22022-10-10

📋Vendor Advisories

1
Fortinet
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 th...2022-10-18
CVE-2022-35846 (CRITICAL CVSS 9.8) | An improper restriction of excessiv | cvebase.io