vulnerability
Fortinet FortiManager: Improper Handling of Exceptional Conditions (CVE-2022-22300)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Mar 1, 2022 | Mar 22, 2022 | Apr 7, 2026 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Mar 1, 2022
Added
Mar 22, 2022
Modified
Apr 7, 2026
Description
A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user.
Solutions
fortinet-fortimanager-upgrade-5_6_11fortinet-fortimanager-upgrade-6_0_11fortinet-fortimanager-upgrade-6_2_9fortinet-fortimanager-upgrade-6_4_7fortinet-fortimanager-upgrade-7_0_3
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.