ID

VAR-202212-0808


CVE

CVE-2022-35843


TITLE

fortinet's  FortiProxy  and  FortiOS  Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023337

DESCRIPTION

An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server. fortinet's FortiProxy and FortiOS There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-35843 // JVNDB: JVNDB-2022-023337 // VULHUB: VHN-432094

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiosscope:gteversion:6.2.0

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:lteversion:1.2.13

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:6.2.12

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:gteversion:2.0.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:eqversion:7.2.0

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:gteversion:7.0.0

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:gteversion:1.2.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:6.4.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:6.4.9

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:7.0.7

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:lteversion:7.0.6

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:6.0.15

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:6.0.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:eqversion:7.2.1

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:lteversion:2.0.10

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:7.0.0

Trust: 1.0

vendor:フォーティネットmodel:fortiosscope: - version: -

Trust: 0.8

vendor:フォーティネットmodel:fortiproxyscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-023337 // NVD: CVE-2022-35843

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-35843
value: CRITICAL

Trust: 1.0

psirt@fortinet.com: CVE-2022-35843
value: HIGH

Trust: 1.0

NVD: CVE-2022-35843
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202212-2590
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-35843
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2022-35843
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-35843
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023337 // CNNVD: CNNVD-202212-2590 // NVD: CVE-2022-35843 // NVD: CVE-2022-35843

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-287

Trust: 1.0

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023337 // NVD: CVE-2022-35843

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-2590

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-2590

PATCH

title:FG-IR-22-255url:https://www.fortiguard.com/psirt/FG-IR-22-255

Trust: 0.8

title:Fortinet FortiOS Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=216881

Trust: 0.6

sources: JVNDB: JVNDB-2022-023337 // CNNVD: CNNVD-202212-2590

EXTERNAL IDS

db:NVDid:CVE-2022-35843

Trust: 3.3

db:JVNDBid:JVNDB-2022-023337

Trust: 0.8

db:CNNVDid:CNNVD-202212-2590

Trust: 0.6

db:VULHUBid:VHN-432094

Trust: 0.1

sources: VULHUB: VHN-432094 // JVNDB: JVNDB-2022-023337 // CNNVD: CNNVD-202212-2590 // NVD: CVE-2022-35843

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-255

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-35843

Trust: 0.8

url:https://vigilance.fr/vulnerability/fortinet-fortios-user-access-via-radius-ssh-authentication-40036

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-35843/

Trust: 0.6

sources: VULHUB: VHN-432094 // JVNDB: JVNDB-2022-023337 // CNNVD: CNNVD-202212-2590 // NVD: CVE-2022-35843

SOURCES

db:VULHUBid:VHN-432094
db:JVNDBid:JVNDB-2022-023337
db:CNNVDid:CNNVD-202212-2590
db:NVDid:CVE-2022-35843

LAST UPDATE DATE

2024-08-14T13:52:53.527000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-432094date:2022-12-08T00:00:00
db:JVNDBid:JVNDB-2022-023337date:2023-11-28T06:20:00
db:CNNVDid:CNNVD-202212-2590date:2022-12-09T00:00:00
db:NVDid:CVE-2022-35843date:2023-11-07T03:49:25.277

SOURCES RELEASE DATE

db:VULHUBid:VHN-432094date:2022-12-06T00:00:00
db:JVNDBid:JVNDB-2022-023337date:2023-11-28T00:00:00
db:CNNVDid:CNNVD-202212-2590date:2022-12-06T00:00:00
db:NVDid:CVE-2022-35843date:2022-12-06T17:15:10.873