Sign-up

ID

VAR-202305-0134


CVE

CVE-2022-45858


TITLE

Fortinet FortiNAC Encryption problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202305-189

DESCRIPTION

A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security flaw that stems from the use of a weak encryption algorithm vulnerability

Trust: 1.53

sources: NVD: CVE-2022-45858 // CNNVD: CNNVD-202305-189 // VULMON: CVE-2022-45858

AFFECTED PRODUCTS

vendor:fortinetmodel:fortinacscope:ltversion:9.1.0

Trust: 1.0

vendor:fortinetmodel:fortinacscope:gteversion:9.4.0

Trust: 1.0

vendor:fortinetmodel:fortinacscope:ltversion:9.4.2

Trust: 1.0

vendor:fortinetmodel:fortinacscope:gteversion:8.7.0

Trust: 1.0

vendor:fortinetmodel:fortinacscope:ltversion:9.2.6

Trust: 1.0

vendor:fortinetmodel:fortinacscope:gteversion:9.2.0

Trust: 1.0

sources: NVD: CVE-2022-45858

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-45858
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202305-189
value: HIGH

Trust: 0.6

NVD: CVE-2022-45858
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 5.2
version: 3.1

Trust: 1.0

sources: NVD: CVE-2022-45858 // CNNVD: CNNVD-202305-189

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.0

sources: NVD: CVE-2022-45858

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202305-189

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202305-189

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-45858

PATCH
title:Fortinet FortiNAC Fixes for encryption problem vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=237179
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202305-189

EXTERNAL IDS
db:NVDid:CVE-2022-45858
Trust: 1.7
db:AUSCERTid:ESB-2023.2497
Trust: 0.6
db:CNNVDid:CNNVD-202305-189
Trust: 0.6
db:VULMONid:CVE-2022-45858
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-45858 // 
            
            
            
            NVD: CVE-2022-45858 // 
            
            
            
            CNNVD: CNNVD-202305-189

REFERENCES
url:https://fortiguard.com/psirt/fg-ir-22-452
Trust: 1.7
url:https://cxsecurity.com/cveshow/cve-2022-45858/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2023.2497
Trust: 0.6
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-45858 // 
            
            
            
            NVD: CVE-2022-45858 // 
            
            
            
            CNNVD: CNNVD-202305-189

SOURCES
db:VULMONid:CVE-2022-45858
db:NVDid:CVE-2022-45858
db:CNNVDid:CNNVD-202305-189

LAST UPDATE DATE
2023-05-12T22:41:09.715000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2022-45858date:2023-05-04T00:00:00
db:NVDid:CVE-2022-45858date:2023-05-11T17:50:00
db:CNNVDid:CNNVD-202305-189date:2023-05-12T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2022-45858date:2023-05-03T00:00:00
db:NVDid:CVE-2022-45858date:2023-05-03T22:15:00
db:CNNVDid:CNNVD-202305-189date:2023-05-03T00:00:00