VDB
GSD-2023-22642
GSD-2023-22642
PUBLISHED
CVSS 6.800000190734863 MEDIUM
An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert ressources.
Risk Scores
CVSS v3.1
6.800000190734863
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiAnalyzer | 7.2.0, 6.4.0, 6.4.8 |
| Fortinet | FortiManager | 7.2.0, 7.0.0, 6.4.8 |
Timeline
- Dec 27, 2024 PoC Published
- Feb 13, 2025 PoC Published
- Mar 28, 2025 PoC Published
- May 12, 2025 PoC Published
- Apr 22, 2026 CVE Published