vulnerability

Fortinet FortiManager: Unspecified Security Vulnerability (CVE-2022-45857)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:A/AC:H/Au:M/C:P/I:P/A:C)	Jan 5, 2023	Mar 17, 2023	Aug 1, 2025

Severity

CVSS

(AV:A/AC:H/Au:M/C:P/I:P/A:C)

Published

Jan 5, 2023

Added

Mar 17, 2023

Modified

Aug 1, 2025

Description

An incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the super_admin account is deleted.

Solutions

fortinet-fortimanager-upgrade-6_2_8fortinet-fortimanager-upgrade-6_4_7fortinet-fortimanager-upgrade-7_0_1

References

CVE-2022-45857
https://attackerkb.com/topics/CVE-2022-45857
URL-https://fortiguard.com/psirt/FG-IR-22-371

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today