{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-22642","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2023-01-05T10:06:31.523Z","datePublished":"2023-04-11T16:07:12.104Z","dateUpdated":"2024-10-23T14:28:22.085Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiAnalyzer","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.1","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.5","status":"affected"},{"versionType":"semver","version":"6.4.8","lessThanOrEqual":"6.4.10","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThan":"6.4.*","status":"affected"}]},{"vendor":"Fortinet","product":"FortiManager","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.1","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.5","status":"affected"},{"versionType":"semver","version":"6.4.8","lessThanOrEqual":"6.4.10","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThan":"6.4.*","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert resources."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2023-04-11T16:07:12.104Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-295","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiManager version 7.2.2 or above\r\nPlease upgrade to FortiManager version 7.0.6 or above\r\nPlease upgrade to FortiManager version 6.4.11 or above\r\nPlease upgrade to FortiAnalyzer version 7.2.2 or above\r\nPlease upgrade to FortiAnalyzer version 7.0.6 or above\r\nPlease upgrade to FortiAnalyzer version 6.4.11 or above"}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-502","url":"https://fortiguard.com/psirt/FG-IR-22-502"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T10:13:49.455Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-502","url":"https://fortiguard.com/psirt/FG-IR-22-502","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-23T14:11:11.302706Z","id":"CVE-2023-22642","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-23T14:28:22.085Z"}}]}}