vulnerability

Fortinet FortiOS: Improper Certificate Validation (CVE-2022-22306)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:A/AC:M/Au:N/C:P/I:N/A:N)	May 24, 2022	Jun 8, 2022	Jun 8, 2022

Severity

CVSS

(AV:A/AC:M/Au:N/C:P/I:N/A:N)

Published

May 24, 2022

Added

Jun 8, 2022

Modified

Jun 8, 2022

Description

An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms.

Solution

fortios-upgrade-6_4_9

References

CVE-2022-22306
https://attackerkb.com/topics/CVE-2022-22306
URL-https://fortiguard.com/psirt/FG-IR-21-239

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today