A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/psirt/FG-IR-21-255 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Aug 2023, 14:21
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-755 |
09 Mar 2022, 14:51
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-863 | |
| CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
| First Time |
Fortinet
Fortinet fortianalyzer Fortinet fortimanager |
|
| References | (CONFIRM) https://fortiguard.com/psirt/FG-IR-21-255 - Vendor Advisory | |
| CPE | cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* |
01 Mar 2022, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-03-01 19:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-22300
Mitre link : CVE-2022-22300
CVE.ORG link : CVE-2022-22300
JSON object : View
Products Affected
fortinet
- fortimanager
- fortianalyzer
CWE
CWE-755
Improper Handling of Exceptional Conditions