VDB

CVE-2023-22642

CVE-2023-22642 PUBLISHED CVSS 6.800000190734863 MEDIUM

An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert ressources.

EPSS 0.20% · 42.6th percentile

Risk Scores

CVSS 3.1
6.800000190734863
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
EPSS Score
0.20%
42.6th percentile

Affected Products

VendorProductVersions
FortinetFortiManager6.4.0, 6.4.8, 7.0.0
fortinetfortimanager7.2.0, 7.0.0, 6.4.8
FortinetFortiAnalyzer7.2.0, 7.0.0, 6.4.8
fortinetfortianalyzer7.0.0, 7.0.0, 6.4.8

Exploit Intelligence

…and 11 more exploits

Timeline

  • Apr 11, 2023 CVE Published
  • Apr 12, 2023 EPSS Score
  • May 20, 2023 EPSS Score
  • Jun 26, 2023 EPSS Score
  • Aug 3, 2023 EPSS Score
  • Sep 10, 2023 EPSS Score
  • Oct 18, 2023 EPSS Score
  • Nov 24, 2023 EPSS Score
  • Jan 1, 2024 EPSS Score
  • Feb 8, 2024 EPSS Score
  • Mar 17, 2024 EPSS Score
  • Apr 23, 2024 EPSS Score

References

…and 3 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›