ID

VAR-202302-1299


CVE

CVE-2022-40677


TITLE

Fortinet's FortiNAC Vulnerability in inserting or changing arguments in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019899

DESCRIPTION

An improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized code or commands via specially crafted input parameters. Fortinet's FortiNAC contains a vulnerability in inserting or modifying arguments. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability that stems from improper neutralization of parameters. The following versions are affected: 9.4.0, 9.2.0 to 9.2.5, 9.1.0 to 9.1.7, 8.8.0 to 8.8.11, 8.7.0 to 8.7.6, 8.6.0 to 8.6.5, 8.5.0 to 8.5.4, 8.3.7.

Trust: 2.34

sources: NVD: CVE-2022-40677 // JVNDB: JVNDB-2022-019899 // CNNVD: CNNVD-202302-1432 // VULHUB: VHN-436490 // VULMON: CVE-2022-40677

AFFECTED PRODUCTS

vendor: fortinet, model: fortinac, scope: lte, version: 8.7.6

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 9.1.7

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 9.2.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.7.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.5.4

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.6.5

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 9.1.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: eq, version: 8.3.7

Trust: 1.0

vendor: fortinet, model: fortinac, scope: eq, version: 9.4.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.6.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.8.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 9.2.5

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.8.11

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.5.0

Trust: 1.0

vendor: フォーティネット, model: fortinac, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: fortinac, scope: eq, version: 8.6.0 to 8.6.5

Trust: 0.8

vendor: フォーティネット, model: fortinac, scope: eq, version: 8.3.7

Trust: 0.8

vendor: フォーティネット, model: fortinac, scope: eq, version: 9.2.0 to 9.2.5

Trust: 0.8

vendor: フォーティネット, model: fortinac, scope: eq, version: 8.7.0 to 8.7.6

Trust: 0.8

vendor: フォーティネット, model: fortinac, scope: eq, version: 9.1.0 to 9.1.7

Trust: 0.8

vendor: フォーティネット, model: fortinac, scope: eq, version: 8.5.0 to 8.5.4

Trust: 0.8

vendor: フォーティネット, model: fortinac, scope: eq, version: 9.4.0

Trust: 0.8

vendor: フォーティネット, model: fortinac, scope: eq, version: 8.8.0 to 8.8.11

Trust: 0.8

sources: JVNDB: JVNDB-2022-019899 // NVD: CVE-2022-40677

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-40677
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2022-40677
value: HIGH

Trust: 1.0

NVD: CVE-2022-40677
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202302-1432
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-40677
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2022-40677
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-40677
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019899 // CNNVD: CNNVD-202302-1432 // NVD: CVE-2022-40677 // NVD: CVE-2022-40677

PROBLEMTYPE DATA

problemtype: CWE-88

Trust: 1.1

problemtype: Insert or change arguments (CWE-88) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-436490 // JVNDB: JVNDB-2022-019899 // NVD: CVE-2022-40677

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1432

TYPE

parameter injection

Trust: 0.6

sources: CNNVD: CNNVD-202302-1432

PATCH

title: FG-IR-22-280, url: https://www.fortiguard.com/psirt/FG-IR-22-280

Trust: 0.8

title: Fortinet FortiNAC Repair measures for parameter injection vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=226974

Trust: 0.6

sources: JVNDB: JVNDB-2022-019899 // CNNVD: CNNVD-202302-1432

EXTERNAL IDS

db: NVD, id: CVE-2022-40677

Trust: 3.4

db: JVNDB, id: JVNDB-2022-019899

Trust: 0.8

db: CNNVD, id: CNNVD-202302-1432

Trust: 0.6

db: VULHUB, id: VHN-436490

Trust: 0.1

db: VULMON, id: CVE-2022-40677

Trust: 0.1

sources: VULHUB: VHN-436490 // VULMON: CVE-2022-40677 // JVNDB: JVNDB-2022-019899 // CNNVD: CNNVD-202302-1432 // NVD: CVE-2022-40677

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-280

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-40677

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-40677/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-436490 // VULMON: CVE-2022-40677 // JVNDB: JVNDB-2022-019899 // CNNVD: CNNVD-202302-1432 // NVD: CVE-2022-40677

SOURCES

db: VULHUB, id: VHN-436490
db: VULMON, id: CVE-2022-40677
db: JVNDB, id: JVNDB-2022-019899
db: CNNVD, id: CNNVD-202302-1432
db: NVD, id: CVE-2022-40677

LAST UPDATE DATE

2024-08-14T15:37:08.480000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-436490, date: 2023-02-27T00:00:00
db: VULMON, id: CVE-2022-40677, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2022-019899, date: 2023-10-30T01:06:00
db: CNNVD, id: CNNVD-202302-1432, date: 2023-02-28T00:00:00
db: NVD, id: CVE-2022-40677, date: 2023-11-07T03:52:34.873

SOURCES RELEASE DATE

db: VULHUB, id: VHN-436490, date: 2023-02-16T00:00:00
db: VULMON, id: CVE-2022-40677, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2022-019899, date: 2023-10-30T00:00:00
db: CNNVD, id: CNNVD-202302-1432, date: 2023-02-16T00:00:00
db: NVD, id: CVE-2022-40677, date: 2023-02-16T19:15:13.250