Details of VAR-202302-1445

ID

VAR-202302-1445

CVE

CVE-2022-40675

TITLE

fortinet's FortiNAC and FortiNAC-F Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-004412

DESCRIPTION

Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. fortinet's FortiNAC and FortiNAC-F Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with

Trust: 1.8

sources: NVD: CVE-2022-40675 // JVNDB: JVNDB-2023-004412 // VULHUB: VHN-436488 // VULMON: CVE-2022-40675

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortinac	scope:	lt	version:	9.4.2	Trust: 1.0
vendor:	fortinet	model:	fortinac-f	scope:	lt	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	lte	version:	9.2.7	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	gte	version:	9.4.0	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	gte	version:	8.3.7	Trust: 1.0
vendor:	フォーティネット	model:	fortinac-f	scope:	eq	version:	7.2.0	Trust: 0.8
vendor:	フォーティネット	model:	fortinac	scope:	eq	version:	-f 7.2.0	Trust: 0.8
vendor:	フォーティネット	model:	fortinac	scope:	eq	version:	8.3.7 to 9.2.7	Trust: 0.8
vendor:	フォーティネット	model:	fortinac	scope:	eq	version:	9.4.0 that's all 9.4.2	Trust: 0.8

sources: JVNDB: JVNDB-2023-004412 // NVD: CVE-2022-40675

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-40675
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2022-40675
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-40675
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-1433
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-40675
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	5.2
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2022-40675
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.5
version:	3.1
Trust: 1.0
NVD:	CVE-2022-40675
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-004412 // CNNVD: CNNVD-202302-1433 // NVD: CVE-2022-40675 // NVD: CVE-2022-40675

PROBLEMTYPE DATA

problemtype:	CWE-310	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-327	Trust: 0.1

sources: VULHUB: VHN-436488 // JVNDB: JVNDB-2023-004412 // NVD: CVE-2022-40675

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1433

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202302-1433

PATCH

title:	FG-IR-22-312	url:	https://fortiguard.com/psirt/FG-IR-22-312	Trust: 0.8
title:	Fortinet FortiNAC Fixes for encryption problem vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=226803	Trust: 0.6

sources: JVNDB: JVNDB-2023-004412 // CNNVD: CNNVD-202302-1433

EXTERNAL IDS

db:	NVD	id:	CVE-2022-40675	Trust: 3.4
db:	JVNDB	id:	JVNDB-2023-004412	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-1433	Trust: 0.6
db:	VULHUB	id:	VHN-436488	Trust: 0.1
db:	VULMON	id:	CVE-2022-40675	Trust: 0.1

sources: VULHUB: VHN-436488 // VULMON: CVE-2022-40675 // JVNDB: JVNDB-2023-004412 // CNNVD: CNNVD-202302-1433 // NVD: CVE-2022-40675

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-22-312	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-40675	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-40675/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-436488 // VULMON: CVE-2022-40675 // JVNDB: JVNDB-2023-004412 // CNNVD: CNNVD-202302-1433 // NVD: CVE-2022-40675

SOURCES

db:	VULHUB	id:	VHN-436488
db:	VULMON	id:	CVE-2022-40675
db:	JVNDB	id:	JVNDB-2023-004412
db:	CNNVD	id:	CNNVD-202302-1433
db:	NVD	id:	CVE-2022-40675

LAST UPDATE DATE

2024-08-14T15:32:14.414000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-436488	date:	2023-02-24T00:00:00
db:	VULMON	id:	CVE-2022-40675	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2023-004412	date:	2023-10-30T05:48:00
db:	CNNVD	id:	CNNVD-202302-1433	date:	2023-02-27T00:00:00
db:	NVD	id:	CVE-2022-40675	date:	2023-11-07T03:52:34.577

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-436488	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2022-40675	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2023-004412	date:	2023-10-30T00:00:00
db:	CNNVD	id:	CNNVD-202302-1433	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2022-40675	date:	2023-02-16T19:15:13.187