CVE-2023-22642

An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert ressources.

Published: Apr 11, 2023
Updated: Apr 19, 2023
CVE: CVE-2023-22642
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-295

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
fortinet / fortianalyzer	7.2.0	7.2.2
fortinet / fortianalyzer	7.0.0	7.0.6
fortinet / fortianalyzer	6.4.8	6.4.11
fortinet / fortimanager	6.4.8	6.4.11
fortinet / fortimanager	7.2.0	7.2.2
fortinet / fortimanager	7.0.0	7.0.6

https://fortiguard.com/psirt/FG-IR-22-502

Vulnerability Database

289,784

CVE-2023-22642