ID

VAR-202208-0420


CVE

CVE-2022-27484


TITLE

Authentication vulnerability in Fortinet FortiADC

Trust: 0.8

sources: JVNDB: JVNDB-2022-016219

DESCRIPTION

An unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request. There is an authentication vulnerability in Fortinet FortiADC. Information may be obtained. Fortinet FortiADC is an application delivery controller from Fortinet. Fortinet FortiADC versions 6.2.0 to 6.2.3, 6.1.x, 6.0.x, and 5.x.x have security vulnerabilities.

Trust: 1.8

sources: NVD: CVE-2022-27484 // JVNDB: JVNDB-2022-016219 // VULHUB: VHN-418124 // VULMON: CVE-2022-27484

AFFECTED PRODUCTS

vendor: fortinet, model: fortiadc, scope: lt, version: 6.2.4

Trust: 1.0

vendor: fortinet, model: fortiadc, scope: gte, version: 5.0.0

Trust: 1.0

vendor: Fortinet, model: fortiadc, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortiadc, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-016219 // NVD: CVE-2022-27484

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-27484
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2022-27484
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-27484
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202208-2116
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-27484
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2022-27484
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2022-27484
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-016219 // CNNVD: CNNVD-202208-2116 // NVD: CVE-2022-27484 // NVD: CVE-2022-27484

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype: Improper authentication (CWE-287) [NVD evaluation]

Trust: 0.8

problemtype:CWE-863

Trust: 0.1

sources: VULHUB: VHN-418124 // JVNDB: JVNDB-2022-016219 // NVD: CVE-2022-27484

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-2116

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-2116

PATCH

title: FG-IR-22-055, url: https://www.fortiguard.com/psirt/FG-IR-22-055

Trust: 0.8

title: Fortinet FortiADC Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203516

Trust: 0.6

sources: JVNDB: JVNDB-2022-016219 // CNNVD: CNNVD-202208-2116

EXTERNAL IDS

db: NVD, id: CVE-2022-27484

Trust: 3.4

db: JVNDB, id: JVNDB-2022-016219

Trust: 0.8

db: CNNVD, id: CNNVD-202208-2116

Trust: 0.7

db: VULHUB, id: VHN-418124

Trust: 0.1

db: VULMON, id: CVE-2022-27484

Trust: 0.1

sources: VULHUB: VHN-418124 // VULMON: CVE-2022-27484 // JVNDB: JVNDB-2022-016219 // CNNVD: CNNVD-202208-2116 // NVD: CVE-2022-27484

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-055

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-27484

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-27484/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-418124 // VULMON: CVE-2022-27484 // JVNDB: JVNDB-2022-016219 // CNNVD: CNNVD-202208-2116 // NVD: CVE-2022-27484

SOURCES

db: VULHUB, id: VHN-418124
db: VULMON, id: CVE-2022-27484
db: JVNDB, id: JVNDB-2022-016219
db: CNNVD, id: CNNVD-202208-2116
db: NVD, id: CVE-2022-27484

LAST UPDATE DATE

2024-08-14T14:24:38.266000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-418124, date: 2022-08-10T00:00:00
db: VULMON, id: CVE-2022-27484, date: 2022-08-03T00:00:00
db: JVNDB, id: JVNDB-2022-016219, date: 2023-10-03T05:00:00
db: CNNVD, id: CNNVD-202208-2116, date: 2022-08-11T00:00:00
db: NVD, id: CVE-2022-27484, date: 2023-08-08T14:21:49.707

SOURCES RELEASE DATE

db: VULHUB, id: VHN-418124, date: 2022-08-03T00:00:00
db: VULMON, id: CVE-2022-27484, date: 2022-08-03T00:00:00
db: JVNDB, id: JVNDB-2022-016219, date: 2023-10-03T00:00:00
db: CNNVD, id: CNNVD-202208-2116, date: 2022-08-03T00:00:00
db: NVD, id: CVE-2022-27484, date: 2022-08-03T14:15:08.567