CVE-2022-35846 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-35846 PUBLISHED CVSS 8.100000381469727 HIGH

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack.

EPSS 0.76% · 73.2th percentile

Risk Scores

CVSS v3.1

8.100000381469727

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

EPSS Score

0.76%

73.2th percentile

Affected Products

Vendor	Product	Versions
fortinet	fortitester	2.3.0, 4.0.0, 7.0.0
Fortinet	Fortinet FortiTester	FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0

Timeline

Oct 10, 2022 CVE Published
Oct 11, 2022 EPSS Score
Nov 23, 2022 EPSS Score
Jan 6, 2023 EPSS Score
Feb 18, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 3, 2023 EPSS Score
May 16, 2023 EPSS Score
Jun 29, 2023 EPSS Score
Aug 11, 2023 EPSS Score
Sep 24, 2023 EPSS Score
Nov 6, 2023 EPSS Score

References

https://www.fortiguard.com/psirt/FG-IR-22-086 advisory
https://www.fortiguard.com/psirt/FG-IR-22-377 advisory
https://www.fortiguard.com/psirt/FG-IR-21-242 advisory
https://www.fortiguard.com/psirt/FG-IR-22-237 advisory
https://www.fortiguard.com/psirt/FG-IR-22-026 advisory
https://www.fortiguard.com/psirt/FG-IR-22-244 advisory
https://www.fortiguard.com/psirt/FG-IR-22-247 advisory
https://fortiguard.com/psirt/FG-IR-22-244 url
https://nvd.nist.gov/vuln/detail/CVE-2022-35846 advisory

Open in Interactive Console →