ID

VAR-202209-0297


CVE

CVE-2022-27491


TITLE

Vulnerability in Fortinet's FortiOS

Trust: 0.8

sources: JVNDB: JVNDB-2022-019309

DESCRIPTION

An improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim. Fortinet's FortiOS contains an unspecified vulnerability. It may be placed in a service operation interruption (DoS) state.

Trust: 1.71

sources: NVD: CVE-2022-27491 // JVNDB: JVNDB-2022-019309 // VULHUB: VHN-418131

AFFECTED PRODUCTS

vendor: fortinet, model: fortios, scope: gte, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortios, scope: lt, version: 6.4.9

Trust: 1.0

vendor: fortinet, model: fortios, scope: eq, version: 7.2.0

Trust: 1.0

vendor: fortinet, model: fortios, scope: lte, version: 6.0.14

Trust: 1.0

vendor: fortinet, model: fortios, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortios, scope: lt, version: 7.0.6

Trust: 1.0

vendor: fortinet, model: fortios, scope: lt, version: 6.2.11

Trust: 1.0

vendor: fortinet, model: fortios, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortios, scope: gte, version: 7.0.0

Trust: 1.0

vendor: Fortinet, model: fortios, scope: eq, version: 7.0.0 or later and before 7.0.6

Trust: 0.8

vendor: Fortinet, model: fortios, scope: eq, version: 6.4.0 or later and before 6.4.9

Trust: 0.8

vendor: Fortinet, model: fortios, scope: eq, version: -

Trust: 0.8

vendor: Fortinet, model: fortios, scope: eq, version: 7.2.0

Trust: 0.8

vendor: Fortinet, model: fortios, scope: eq, version: 6.2.0 or later and before 6.2.11

Trust: 0.8

vendor: Fortinet, model: fortios, scope: eq, version: 6.0.0 to 6.0.14

Trust: 0.8

sources: JVNDB: JVNDB-2022-019309 // NVD: CVE-2022-27491

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-27491
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2022-27491
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-27491
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202209-222
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-27491
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2022-27491
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-27491
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019309 // CNNVD: CNNVD-202209-222 // NVD: CVE-2022-27491 // NVD: CVE-2022-27491

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-019309 // NVD: CVE-2022-27491

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-222

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202209-222

PATCH

title: FG-IR-22-073, url: https://fortiguard.com/psirt/FG-IR-22-073

Trust: 0.8

title: Fortinet FortiOS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=207175

Trust: 0.6

sources: JVNDB: JVNDB-2022-019309 // CNNVD: CNNVD-202209-222

EXTERNAL IDS

db: NVD, id: CVE-2022-27491

Trust: 3.3

db: JVNDB, id: JVNDB-2022-019309

Trust: 0.8

db: CNNVD, id: CNNVD-202209-222

Trust: 0.6

db: VULHUB, id: VHN-418131

Trust: 0.1

sources: VULHUB: VHN-418131 // JVNDB: JVNDB-2022-019309 // CNNVD: CNNVD-202209-222 // NVD: CVE-2022-27491

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-22-073

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2022-27491

Trust: 1.4

url: https://vigilance.fr/vulnerability/fortios-denial-of-service-via-tcp-middlebox-reflection-39198

Trust: 0.6

url: https://cxsecurity.com/cveshow/cve-2022-27491/

Trust: 0.6

sources: VULHUB: VHN-418131 // JVNDB: JVNDB-2022-019309 // CNNVD: CNNVD-202209-222 // NVD: CVE-2022-27491

SOURCES

db: VULHUB, id: VHN-418131
db: JVNDB, id: JVNDB-2022-019309
db: CNNVD, id: CNNVD-202209-222
db: NVD, id: CVE-2022-27491

LAST UPDATE DATE

2024-08-14T15:32:33.108000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-418131, date: 2022-09-09T00:00:00
db: JVNDB, id: JVNDB-2022-019309, date: 2023-10-25T05:34:00
db: CNNVD, id: CNNVD-202209-222, date: 2022-09-13T00:00:00
db: NVD, id: CVE-2022-27491, date: 2022-09-09T02:26:18.327

SOURCES RELEASE DATE

db: VULHUB, id: VHN-418131, date: 2022-09-06T00:00:00
db: JVNDB, id: JVNDB-2022-019309, date: 2023-10-25T00:00:00
db: CNNVD, id: CNNVD-202209-222, date: 2022-09-06T00:00:00
db: NVD, id: CVE-2022-27491, date: 2022-09-06T18:15:12.693