CVE-2022-35846 — Vulnetix

CVE-2022-35846 PUBLISHED CVSS 8.100000381469727 HIGH

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack.

EPSS 0.76% · 73.7th percentile

Risk Scores

CVSS 3.1

8.100000381469727

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

EPSS Score

0.76%

73.7th percentile

Affected Products

Vendor	Product	Versions
fortinet	fortitester	2.3.0, 4.0.0, 7.0.0
Fortinet	Fortinet FortiTester	FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0

Exploit Intelligence

https://fortiguard.com/psirt/FG-IR-22-244 (circl)

Timeline

Oct 10, 2022 CVE Published
Oct 11, 2022 EPSS Score
Nov 24, 2022 EPSS Score
Jan 7, 2023 EPSS Score
Feb 20, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 5, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 2, 2023 EPSS Score
Aug 15, 2023 EPSS Score
Sep 28, 2023 EPSS Score
Nov 11, 2023 EPSS Score

References

https://www.fortiguard.com/psirt/FG-IR-22-086 advisory
https://www.fortiguard.com/psirt/FG-IR-22-377 advisory
https://www.fortiguard.com/psirt/FG-IR-21-242 advisory
https://www.fortiguard.com/psirt/FG-IR-22-237 advisory
https://www.fortiguard.com/psirt/FG-IR-22-026 advisory
https://www.fortiguard.com/psirt/FG-IR-22-244 advisory
https://www.fortiguard.com/psirt/FG-IR-22-247 advisory
https://fortiguard.com/psirt/FG-IR-22-244 url
https://nvd.nist.gov/vuln/detail/CVE-2022-35846 advisory

Open in Interactive Console →