ID

VAR-202302-1269


CVE

CVE-2022-38375


TITLE

Fortinet's FortiNAC and FortiNAC-F Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-004465

DESCRIPTION

An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests. Fortinet's FortiNAC and FortiNAC-F contain an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.8

sources: NVD: CVE-2022-38375 // JVNDB: JVNDB-2023-004465 // VULHUB: VHN-434169 // VULMON: CVE-2022-38375

AFFECTED PRODUCTS

vendor: fortinet, model: fortinac, scope: lt, version: 9.2.7

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lt, version: 9.4.2

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 9.2.0

Trust: 1.0

vendor: fortinet, model: fortinac-f, scope: lt, version: 7.2.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 9.4.0

Trust: 1.0

vendor: Fortinet, model: fortinac, scope: eq, version: -f 7.2.0

Trust: 0.8

vendor: Fortinet, model: fortinac, scope: eq, version: 9.2.0 that's all 9.2.7

Trust: 0.8

vendor: Fortinet, model: fortinac, scope: eq, version: 9.4.0 that's all 9.4.2

Trust: 0.8

vendor: Fortinet, model: fortinac-f, scope: eq, version: 7.2.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004465 // NVD: CVE-2022-38375

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-38375
value: CRITICAL

Trust: 1.0

psirt@fortinet.com: CVE-2022-38375
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-38375
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202302-1440
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-38375
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2022-38375
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-38375
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004465 // CNNVD: CNNVD-202302-1440 // NVD: CVE-2022-38375 // NVD: CVE-2022-38375

PROBLEMTYPE DATA

problemtype: CWE-285

Trust: 1.0

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: others (CWE-Other) [NVD evaluation]

Trust: 0.8

problemtype: CWE-863

Trust: 0.1

sources: VULHUB: VHN-434169 // JVNDB: JVNDB-2023-004465 // NVD: CVE-2022-38375

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1440

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-1440

PATCH

title: FG-IR-22-329, url: https://fortiguard.com/psirt/FG-IR-22-329

Trust: 0.8

title: Fortinet FortiNAC Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=226809

Trust: 0.6

sources: JVNDB: JVNDB-2023-004465 // CNNVD: CNNVD-202302-1440

EXTERNAL IDS

db: NVD, id: CVE-2022-38375

Trust: 3.4

db: JVNDB, id: JVNDB-2023-004465

Trust: 0.8

db: CNNVD, id: CNNVD-202302-1440

Trust: 0.6

db: VULHUB, id: VHN-434169

Trust: 0.1

db: VULMON, id: CVE-2022-38375

Trust: 0.1

sources: VULHUB: VHN-434169 // VULMON: CVE-2022-38375 // JVNDB: JVNDB-2023-004465 // CNNVD: CNNVD-202302-1440 // NVD: CVE-2022-38375

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-22-329

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2022-38375

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2022-38375/

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-434169 // VULMON: CVE-2022-38375 // JVNDB: JVNDB-2023-004465 // CNNVD: CNNVD-202302-1440 // NVD: CVE-2022-38375

SOURCES

db: VULHUB, id: VHN-434169
db: VULMON, id: CVE-2022-38375
db: JVNDB, id: JVNDB-2023-004465
db: CNNVD, id: CNNVD-202302-1440
db: NVD, id: CVE-2022-38375

LAST UPDATE DATE

2024-08-14T14:30:44.572000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-434169, date: 2023-02-24T00:00:00
db: VULMON, id: CVE-2022-38375, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2023-004465, date: 2023-10-30T07:28:00
db: CNNVD, id: CNNVD-202302-1440, date: 2023-02-27T00:00:00
db: NVD, id: CVE-2022-38375, date: 2023-11-07T03:50:06.460

SOURCES RELEASE DATE

db: VULHUB, id: VHN-434169, date: 2023-02-16T00:00:00
db: VULMON, id: CVE-2022-38375, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2023-004465, date: 2023-10-30T00:00:00
db: CNNVD, id: CNNVD-202302-1440, date: 2023-02-16T00:00:00
db: NVD, id: CVE-2022-38375, date: 2023-02-16T19:15:12.797