FortiManager 7.0.1 Improper Cert Validation (CWE-295) MITM Vulnerability
CVE-2022-22305 Published on September 1, 2023
An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.
Vulnerability Analysis
Weakness Type
Improper Validation of Certificate with Host Mismatch
The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.
Products Associated with CVE-2022-22305
Want to know whenever a new CVE is published for Fortinet products? stack.watch will email you.
Affected Versions
Fortinet FortiAnalyzer:- Version 7.0.0, <= 7.0.2 is affected.
- Version 6.4.0, <= 6.4.7 is affected.
- Version 6.2.0, <= 6.2.11 is affected.
- Version 6.0.0, <= 6.0.12 is affected.
- Version 4.0.0, <= 4.0.2 is affected.
- Version 3.2.0, <= 3.2.4 is affected.
- Version 3.1.0, <= 3.1.5 is affected.
- Version 3.0.0, <= 3.0.7 is affected.
- Version 7.0.0, <= 7.0.1 is affected.
- Version 6.4.0, <= 6.4.6 is affected.
- Version 6.2.0, <= 6.2.11 is affected.
- Version 6.0.0, <= 6.0.12 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.