{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-22305","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2022-01-03T09:39:36.530Z","datePublished":"2023-09-01T11:43:03.878Z","dateUpdated":"2024-09-27T18:40:07.999Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiAnalyzer","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.2","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.7","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.11","status":"affected"},{"versionType":"semver","version":"6.0.0","lessThanOrEqual":"6.0.12","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSandbox","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"4.0.0","lessThanOrEqual":"4.0.2","status":"affected"},{"versionType":"semver","version":"3.2.0","lessThanOrEqual":"3.2.4","status":"affected"},{"versionType":"semver","version":"3.1.0","lessThanOrEqual":"3.1.5","status":"affected"},{"versionType":"semver","version":"3.0.0","lessThanOrEqual":"3.0.7","status":"affected"}]},{"vendor":"Fortinet","product":"FortiManager","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.1","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.6","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.11","status":"affected"},{"versionType":"semver","version":"6.0.0","lessThanOrEqual":"6.0.12","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2023-09-01T11:43:03.878Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-297","description":"Information disclosure","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiManager version 7.0.2 or above.\r\nPlease upgrade to FortiManager version 6.4.7 or above.\n\r\nPlease upgrade to FortiAnalyzer version 7.0.3 or above.\r\nPlease upgrade to FortiAnalyzer version 6.4.8 or above.\n\r\nPlease upgrade to FortiSandbox version 4.2.0 or above \n\r\n "}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-18-292","url":"https://fortiguard.com/psirt/FG-IR-18-292"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T03:07:50.194Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-18-292","url":"https://fortiguard.com/psirt/FG-IR-18-292","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-27T18:01:39.754816Z","id":"CVE-2022-22305","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-27T18:40:07.999Z"}}]}}