ID

VAR-202205-0501


CVE

CVE-2022-23443


TITLE

Vulnerability in Fortinet FortiSOAR

Trust: 0.8

sources: JVNDB: JVNDB-2022-010448

DESCRIPTION

An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. Fortinet FortiSOAR contains an unspecified vulnerability. Information may be obtained. FortiSOAR is a Security Orchestration, Automation and Response (SOAR) solution from Fortinet, USA.

Trust: 1.8

sources: NVD: CVE-2022-23443 // JVNDB: JVNDB-2022-010448 // VULHUB: VHN-412578 // VULMON: CVE-2022-23443

AFFECTED PRODUCTS

vendor: fortinet // model: fortisoar // scope: lte // version: 7.0.2

Trust: 1.0

vendor: fortinet // model: fortisoar // scope: lte // version: 6.4.4

Trust: 1.0

vendor: fortinet // model: fortisoar // scope: eq // version: 6.0.0

Trust: 1.0

vendor: fortinet // model: fortisoar // scope: gte // version: 6.4.0

Trust: 1.0

vendor: fortinet // model: fortisoar // scope: gte // version: 7.0.0

Trust: 1.0

vendor: Fortinet // model: fortisoar // scope: eq // version: 7.2.0

Trust: 0.8

vendor: Fortinet // model: fortisoar // scope: eq // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-010448 // NVD: CVE-2022-23443

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-23443
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2022-23443
value: HIGH

Trust: 1.0

NVD: CVE-2022-23443
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202205-2038
value: HIGH

Trust: 0.6

VULHUB: VHN-412578
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-23443
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-23443
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-412578
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-23443
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-010448
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-412578 // VULMON: CVE-2022-23443 // JVNDB: JVNDB-2022-010448 // CNNVD: CNNVD-202205-2038 // NVD: CVE-2022-23443 // NVD: CVE-2022-23443

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation]

Trust: 0.8

problemtype:CWE-863

Trust: 0.1

sources: VULHUB: VHN-412578 // JVNDB: JVNDB-2022-010448 // NVD: CVE-2022-23443

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-2038

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202205-2038

PATCH

title: FG-IR-22-041 // url: https://www.fortiguard.com/psirt/FG-IR-22-041

Trust: 0.8

title: Fortinet FortiSOAR Fixes for access control error vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192819

Trust: 0.6

title: CVE-2022-XXXX // url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX // url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-23443 // JVNDB: JVNDB-2022-010448 // CNNVD: CNNVD-202205-2038

EXTERNAL IDS

db: NVD // id: CVE-2022-23443

Trust: 3.4

db: JVNDB // id: JVNDB-2022-010448

Trust: 0.8

db: CS-HELP // id: SB2022050321

Trust: 0.6

db: CNNVD // id: CNNVD-202205-2038

Trust: 0.6

db: CNVD // id: CNVD-2022-50949

Trust: 0.1

db: VULHUB // id: VHN-412578

Trust: 0.1

db: VULMON // id: CVE-2022-23443

Trust: 0.1

sources: VULHUB: VHN-412578 // VULMON: CVE-2022-23443 // JVNDB: JVNDB-2022-010448 // CNNVD: CNNVD-202205-2038 // NVD: CVE-2022-23443

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-041

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-23443

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022050321

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-23443/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-412578 // VULMON: CVE-2022-23443 // JVNDB: JVNDB-2022-010448 // CNNVD: CNNVD-202205-2038 // NVD: CVE-2022-23443

SOURCES

db: VULHUB // id: VHN-412578
db: VULMON // id: CVE-2022-23443
db: JVNDB // id: JVNDB-2022-010448
db: CNNVD // id: CNNVD-202205-2038
db: NVD // id: CVE-2022-23443

LAST UPDATE DATE

2024-11-23T23:07:25.073000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-412578 // date: 2022-05-13T00:00:00
db: VULMON // id: CVE-2022-23443 // date: 2023-08-08T00:00:00
db: JVNDB // id: JVNDB-2022-010448 // date: 2023-08-15T06:46:00
db: CNNVD // id: CNNVD-202205-2038 // date: 2022-05-16T00:00:00
db: NVD // id: CVE-2022-23443 // date: 2024-11-21T06:48:34.093

SOURCES RELEASE DATE

db: VULHUB // id: VHN-412578 // date: 2022-05-04T00:00:00
db: VULMON // id: CVE-2022-23443 // date: 2022-05-04T00:00:00
db: JVNDB // id: JVNDB-2022-010448 // date: 2023-08-15T00:00:00
db: CNNVD // id: CNNVD-202205-2038 // date: 2022-05-03T00:00:00
db: NVD // id: CVE-2022-23443 // date: 2022-05-04T16:15:08.587