ID

VAR-202211-0063


CVE

CVE-2022-39945


TITLE

Fortinet FortiMail Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202211-1921

DESCRIPTION

An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains' information via insecure direct object references (IDOR).

Trust: 0.99

sources: NVD: CVE-2022-39945 // VULHUB: VHN-435741

AFFECTED PRODUCTS

vendor: fortinet, model: fortimail, scope: lte, version: 6.0.12

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lte, version: 6.4.7

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lte, version: 6.2.9

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lte, version: 7.0.3

Trust: 1.0

vendor: fortinet, model: fortimail, scope: eq, version: 7.2.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 7.0.0

Trust: 1.0

sources: NVD: CVE-2022-39945

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-39945
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2022-39945
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202211-1921
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-39945
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2022-39945
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202211-1921 // NVD: CVE-2022-39945 // NVD: CVE-2022-39945

PROBLEMTYPE DATA

problemtype:CWE-639

Trust: 1.1

sources: VULHUB: VHN-435741 // NVD: CVE-2022-39945

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-1921

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-1921

PATCH

title: Fortinet FortiMail Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=213037

Trust: 0.6

sources: CNNVD: CNNVD-202211-1921

EXTERNAL IDS

db: NVD, id: CVE-2022-39945

Trust: 1.7

db: CNNVD, id: CNNVD-202211-1921

Trust: 0.6

db: VULHUB, id: VHN-435741

Trust: 0.1

sources: VULHUB: VHN-435741 // CNNVD: CNNVD-202211-1921 // NVD: CVE-2022-39945

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-066

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2022-39945/

Trust: 0.6

sources: VULHUB: VHN-435741 // CNNVD: CNNVD-202211-1921 // NVD: CVE-2022-39945

SOURCES

db: VULHUB, id: VHN-435741
db: CNNVD, id: CNNVD-202211-1921
db: NVD, id: CVE-2022-39945

LAST UPDATE DATE

2024-08-14T13:52:55.986000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-435741, date: 2022-11-03T00:00:00
db: CNNVD, id: CNNVD-202211-1921, date: 2022-11-04T00:00:00
db: NVD, id: CVE-2022-39945, date: 2022-11-03T18:54:17.247

SOURCES RELEASE DATE

db: VULHUB, id: VHN-435741, date: 2022-11-02T00:00:00
db: CNNVD, id: CNNVD-202211-1921, date: 2022-11-02T00:00:00
db: NVD, id: CVE-2022-39945, date: 2022-11-02T12:15:54.973