Details of VAR-202207-0163

ID

VAR-202207-0163

CVE

CVE-2022-26120

TITLE

FortiADC in the management interface SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-015256

DESCRIPTION

Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. FortiADC The management interface includes SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiADC is an application delivery controller from Fortinet

Trust: 1.71

sources: NVD: CVE-2022-26120 // JVNDB: JVNDB-2022-015256 // VULHUB: VHN-416881

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiadc	scope:	lt	version:	6.2.3	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	フォーティネット	model:	fortiadc	scope:	eq	version:	5.0.0 to 6.2.2	Trust: 0.8
vendor:	フォーティネット	model:	fortiadc	scope:	eq	version:	7.0.0 to 7.0.1	Trust: 0.8
vendor:	フォーティネット	model:	fortiadc	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-015256 // NVD: CVE-2022-26120

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26120
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2022-26120
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-26120
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202207-376
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-26120
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2022-26120
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.1
Trust: 1.0
NVD:	CVE-2022-26120
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-015256 // CNNVD: CNNVD-202207-376 // NVD: CVE-2022-26120 // NVD: CVE-2022-26120

PROBLEMTYPE DATA

problemtype:	CWE-89	Trust: 1.1
problemtype:	SQL injection (CWE-89) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-416881 // JVNDB: JVNDB-2022-015256 // NVD: CVE-2022-26120

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-376

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202207-376

PATCH

title:	FG-IR-22-051	url:	https://www.fortiguard.com/psirt/FG-IR-22-051	Trust: 0.8
title:	Fortinet FortiADC SQL Repair measures for injecting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201340	Trust: 0.6

sources: JVNDB: JVNDB-2022-015256 // CNNVD: CNNVD-202207-376

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26120	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-015256	Trust: 0.8
db:	CS-HELP	id:	SB2022070518	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-376	Trust: 0.6
db:	CNVD	id:	CNVD-2022-53255	Trust: 0.1
db:	VULHUB	id:	VHN-416881	Trust: 0.1

sources: VULHUB: VHN-416881 // JVNDB: JVNDB-2022-015256 // CNNVD: CNNVD-202207-376 // NVD: CVE-2022-26120

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-22-051	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26120	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-26120/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022070518	Trust: 0.6

sources: VULHUB: VHN-416881 // JVNDB: JVNDB-2022-015256 // CNNVD: CNNVD-202207-376 // NVD: CVE-2022-26120

SOURCES

db:	VULHUB	id:	VHN-416881
db:	JVNDB	id:	JVNDB-2022-015256
db:	CNNVD	id:	CNNVD-202207-376
db:	NVD	id:	CVE-2022-26120

LAST UPDATE DATE

2024-08-14T15:42:22.280000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-416881	date:	2022-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2022-015256	date:	2023-09-26T04:56:00
db:	CNNVD	id:	CNNVD-202207-376	date:	2022-07-26T00:00:00
db:	NVD	id:	CVE-2022-26120	date:	2022-07-25T14:08:51.273

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-416881	date:	2022-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-015256	date:	2023-09-26T00:00:00
db:	CNNVD	id:	CNNVD-202207-376	date:	2022-07-05T00:00:00
db:	NVD	id:	CVE-2022-26120	date:	2022-07-18T18:15:09.120