ID

VAR-202312-1940


CVE

CVE-2022-27488


TITLE

Cross-site request forgery vulnerability in multiple Fortinet products

Trust: 0.8

sources: JVNDB: JVNDB-2022-024746

DESCRIPTION

A cross-site request forgery (CSRF) vulnerability in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x, FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, and FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI by tricking an authenticated administrator into executing malicious GET requests. A cross-site request forgery vulnerability exists in multiple Fortinet products, including FortiAI firmware, FortiMail, and FortiNDR. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result.

Trust: 1.62

sources: NVD: CVE-2022-27488 // JVNDB: JVNDB-2022-024746

AFFECTED PRODUCTS

vendor: fortinet, model: fortimail, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lte, version: 7.0.3

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lte, version: 6.4.6

Trust: 1.0

vendor: fortinet, model: fortirecorder, scope: lte, version: 6.4.2

Trust: 1.0

vendor: fortinet, model: fortivoice, scope: lte, version: 6.4.7

Trust: 1.0

vendor: fortinet, model: fortiswitch, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortindr, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortiswitch, scope: lte, version: 7.0.4

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lte, version: 6.0.12

Trust: 1.0

vendor: fortinet, model: fortiswitch, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortiai, scope: eq, version: 1.1.0

Trust: 1.0

vendor: fortinet, model: fortirecorder, scope: gte, version: 2.7.0

Trust: 1.0

vendor: fortinet, model: fortindr, scope: lte, version: 7.0.4

Trust: 1.0

vendor: fortinet, model: fortiai, scope: eq, version: 1.5.3

Trust: 1.0

vendor: fortinet, model: fortivoice, scope: lte, version: 6.0.11

Trust: 1.0

vendor: fortinet, model: fortiswitch, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortirecorder, scope: lte, version: 6.0.11

Trust: 1.0

vendor: fortinet, model: fortivoice, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortirecorder, scope: lte, version: 2.7.7

Trust: 1.0

vendor: fortinet, model: fortiswitch, scope: lte, version: 6.4.10

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortirecorder, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lte, version: 6.2.9

Trust: 1.0

vendor: fortinet, model: fortirecorder, scope: lte, version: 2.6.3

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortivoice, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortiswitch, scope: lte, version: 6.2.7

Trust: 1.0

vendor: fortinet, model: fortiswitch, scope: lte, version: 6.0.7

Trust: 1.0

vendor: fortinet, model: fortirecorder, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortiswitch, scope: gte, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortindr, scope: eq, version: 7.1.0

Trust: 1.0

vendor: fortinet, model: fortirecorder, scope: gte, version: 2.6.0

Trust: 1.0

vendor: Fortinet, model: fortiswitch, scope: eq, version: 6.2.0 to 6.2.7

Trust: 0.8

vendor: Fortinet, model: fortiswitch, scope: eq, version: 7.0.0 to 7.0.4

Trust: 0.8

vendor: Fortinet, model: fortindr, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortirecorder, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortiswitch, scope: eq, version: 6.0.0 to 6.0.7

Trust: 0.8

vendor: Fortinet, model: fortimail, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortiswitch, scope: eq, version: 6.4.0 to 6.4.10

Trust: 0.8

vendor: Fortinet, model: fortivoice, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortiai, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-024746 // NVD: CVE-2022-27488

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-27488
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2022-27488
value: HIGH

Trust: 1.0

NVD: CVE-2022-27488
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2022-27488
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2022-27488
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: CVE-2022-27488
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-024746 // NVD: CVE-2022-27488 // NVD: CVE-2022-27488

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.0

problemtype: Cross-site request forgery (CWE-352) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-024746 // NVD: CVE-2022-27488

PATCH

title: FG-IR-22-038, url: https://www.fortiguard.com/psirt/FG-IR-22-038

Trust: 0.8

sources: JVNDB: JVNDB-2022-024746

EXTERNAL IDS

db: NVD, id: CVE-2022-27488

Trust: 2.6

db: JVNDB, id: JVNDB-2022-024746

Trust: 0.8

sources: JVNDB: JVNDB-2022-024746 // NVD: CVE-2022-27488

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-038

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2022-27488

Trust: 0.8

sources: JVNDB: JVNDB-2022-024746 // NVD: CVE-2022-27488

SOURCES

db: JVNDB, id: JVNDB-2022-024746
db: NVD, id: CVE-2022-27488

LAST UPDATE DATE

2024-08-14T13:41:21.392000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2022-024746, date: 2024-01-16T07:06:00
db: NVD, id: CVE-2022-27488, date: 2024-01-18T15:48:06.043

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2022-024746, date: 2024-01-16T00:00:00
db: NVD, id: CVE-2022-27488, date: 2023-12-13T07:15:10.910