CVE-2022-39948

Published: 16 Feb 2023
Source: nvd
CVSS3: 4.8
CVSS3: 7.4
EPSS: Low

Description

An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.0.0 through 7.0.6, 2.0 all versions, 1.2 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS/FortiProxy device and remote servers hosting threat feeds (when the latter are configured as Fabric connectors in FortiOS/FortiProxy).

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
Versions from 1.2.0 (inclusive) to 2.0.9 (inclusive)
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
Versions from 7.0.0 (inclusive) to 7.0.7 (exclusive)
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Versions from 6.0.0 (inclusive) to 7.0.8 (exclusive)
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Versions from 7.2.0 (inclusive) to 7.2.4 (exclusive)

EPSS

Percentile: 37%
0.00157
Low

4.8 Medium

CVSS3

7.4 High

CVSS3

Weaknesses

CWE-295

Related vulnerabilities

CVSS3: 7.4
github
almost 3 years ago

An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.0.0 through 7.0.6, 2.0 all versions, 1.2 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS/FortiProxy device and remote servers hosting threat feeds (when the latter are configured as Fabric connectors in FortiOS/FortiProxy).