ID

VAR-202302-1572


CVE

CVE-2022-30306


TITLE

Out-of-bounds write vulnerability in Fortinet's FortiWeb

Trust: 0.8

sources: JVNDB: JVNDB-2023-004462

DESCRIPTION

A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via a specifically crafted password. Fortinet's FortiWeb contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.8

sources: NVD: CVE-2022-30306 // JVNDB: JVNDB-2023-004462 // VULHUB: VHN-421800 // VULMON: CVE-2022-30306

AFFECTED PRODUCTS

vendor:fortinet model:fortiweb scope:gte version:6.3.6

Trust: 1.0

vendor:fortinet model:fortiweb scope:eq version:6.4.0

Trust: 1.0

vendor:fortinet model:fortiweb scope:lt version:6.3.20

Trust: 1.0

vendor:fortinet model:fortiweb scope:eq version:7.0.0

Trust: 1.0

vendor:fortinet model:fortiweb scope:eq version:6.4.1

Trust: 1.0

vendor:fortinet model:fortiweb scope:eq version:6.4.2

Trust: 1.0

vendor:fortinet model:fortiweb scope:eq version:7.0.1

Trust: 1.0

vendor:Fortinet model:fortiweb scope:eq version:6.3.6 that's all 6.3.20

Trust: 0.8

vendor:Fortinet model:fortiweb scope:eq version: -

Trust: 0.8

vendor:Fortinet model:fortiweb scope:eq version:6.4.2

Trust: 0.8

vendor:Fortinet model:fortiweb scope:eq version:6.4.1

Trust: 0.8

vendor:Fortinet model:fortiweb scope:eq version:7.0.1

Trust: 0.8

vendor:Fortinet model:fortiweb scope:eq version:6.4.0

Trust: 0.8

vendor:Fortinet model:fortiweb scope:eq version:7.0.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004462 // NVD: CVE-2022-30306

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-30306
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2022-30306
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-30306
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202302-1443
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-30306
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2022-30306
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.7
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-30306
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004462 // CNNVD: CNNVD-202302-1443 // NVD: CVE-2022-30306 // NVD: CVE-2022-30306

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-121

Trust: 1.0

problemtype:Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-421800 // JVNDB: JVNDB-2023-004462 // NVD: CVE-2022-30306

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1443

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202302-1443

PATCH

title:FG-IR-22-167 url:https://fortiguard.com/psirt/FG-IR-22-167

Trust: 0.8

title:Fortinet FortiWeb Buffer error vulnerability fix url:http://123.124.177.30/web/xxk/bdxqById.tag?id=226812

Trust: 0.6

sources: JVNDB: JVNDB-2023-004462 // CNNVD: CNNVD-202302-1443

EXTERNAL IDS

db:NVD id:CVE-2022-30306

Trust: 3.4

db:JVNDB id:JVNDB-2023-004462

Trust: 0.8

db:CNNVD id:CNNVD-202302-1443

Trust: 0.6

db:VULHUB id:VHN-421800

Trust: 0.1

db:VULMON id:CVE-2022-30306

Trust: 0.1

sources: VULHUB: VHN-421800 // VULMON: CVE-2022-30306 // JVNDB: JVNDB-2023-004462 // CNNVD: CNNVD-202302-1443 // NVD: CVE-2022-30306

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-167

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-30306

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-30306/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-421800 // VULMON: CVE-2022-30306 // JVNDB: JVNDB-2023-004462 // CNNVD: CNNVD-202302-1443 // NVD: CVE-2022-30306

SOURCES

db:VULHUB id:VHN-421800
db:VULMON id:CVE-2022-30306
db:JVNDB id:JVNDB-2023-004462
db:CNNVD id:CNNVD-202302-1443
db:NVD id:CVE-2022-30306

LAST UPDATE DATE

2024-08-14T15:37:08.248000+00:00


SOURCES UPDATE DATE

db:VULHUB id:VHN-421800 date:2023-02-24T00:00:00
db:VULMON id:CVE-2022-30306 date:2023-02-16T00:00:00
db:JVNDB id:JVNDB-2023-004462 date:2023-10-30T07:26:00
db:CNNVD id:CNNVD-202302-1443 date:2023-02-27T00:00:00
db:NVD id:CVE-2022-30306 date:2023-11-07T03:47:13.667

SOURCES RELEASE DATE

db:VULHUB id:VHN-421800 date:2023-02-16T00:00:00
db:VULMON id:CVE-2022-30306 date:2023-02-16T00:00:00
db:JVNDB id:JVNDB-2023-004462 date:2023-10-30T00:00:00
db:CNNVD id:CNNVD-202302-1443 date:2023-02-16T00:00:00
db:NVD id:CVE-2022-30306 date:2023-02-16T19:15:12.597