{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-39948","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2022-09-05T13:11:35.552Z","datePublished":"2023-02-16T18:06:29.870Z","dateUpdated":"2024-10-22T20:49:38.976Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiProxy","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.6","status":"affected"},{"versionType":"semver","version":"2.0.0","lessThanOrEqual":"2.0.11","status":"affected"},{"versionType":"semver","version":"1.2.0","lessThanOrEqual":"1.2.13","status":"affected"}]},{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.3","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.7","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.11","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.12","status":"affected"},{"versionType":"semver","version":"6.0.0","lessThanOrEqual":"6.0.16","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.0.0 through 7.0.6, 2.0 all versions, 1.2 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS/FortiProxy device and remote servers hosting threat feeds (when the latter are configured as Fabric connectors in FortiOS/FortiProxy)"}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2023-02-16T18:06:29.870Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-295","description":"Information disclosure","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:R"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiProxy version 7.2.0 or above Please upgrade to FortiProxy version 7.0.7 or above Please upgrade to FortiOS version 7.2.4 or above Please upgrade to FortiOS version 7.0.8 or above "}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-257","url":"https://fortiguard.com/psirt/FG-IR-22-257"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T12:07:42.943Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-257","url":"https://fortiguard.com/psirt/FG-IR-22-257","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-22T20:18:34.434332Z","id":"CVE-2022-39948","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-22T20:49:38.976Z"}}]}}