CVE-2022-35843

An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server.

Published: Dec 6, 2022
Updated: Nov 8, 2023
CVE: CVE-2022-35843
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
fortinet / fortiproxy	1.2.0	1.2.13.x
fortinet / fortios	7.2.0	7.2.0.x
fortinet / fortios	6.4.0	6.4.9.x
fortinet / fortios	6.0.0	6.0.15.x
fortinet / fortios	7.0.0	7.0.7.x
fortinet / fortiproxy	2.0.0	2.0.10.x
fortinet / fortiproxy	7.0.0	7.0.6.x
fortinet / fortios	6.2.0	6.2.12.x
fortinet / fortios	7.2.1	7.2.1.x

https://fortiguard.com/psirt/FG-IR-22-255

Vulnerability Database

289,784

CVE-2022-35843