First published: Tue Apr 11 2023
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiProxy | >=1.0.0 <=2.0.9 | |
| Fortinet FortiProxy | >=7.0.0 <7.0.8 | Upgrade to FortiProxy version 7.0.8 or above |
| Fortinet FortiProxy | >=7.2.0 <7.2.2 | Upgrade to FortiProxy version 7.2.2 or above |
| Fortinet FortiOS | >=6.2.0 <6.4.13 | Upgrade to FortiOS version 6.4.13 or above |
| Fortinet FortiOS | >=7.0.0 <7.0.11 | Upgrade to FortiOS version 7.0.11 or above |
| Fortinet FortiOS | >=7.2.0 <7.2.4 | Upgrade to FortiOS version 7.2.4 or above |
CVE-2022-43947 is an improper restriction of excessive authentication attempts vulnerability in Fortinet FortiOS and FortiProxy.
The severity of CVE-2022-43947 is high with a CVSS score of 8.8.
Fortinet FortiOS versions 7.2.0 through 7.2.3 and before 7.0.10, and FortiProxy versions 7.2.0 through 7.2.2 and before 7.0.8 are affected.
CVE-2022-43947 allows an attacker who already holds a valid user account to brute-force other user accounts through the FortiProxy administrative interface.
Update Fortinet FortiOS to version 7.0.10 or later, and update FortiProxy to version 7.0.8 or later to mitigate the vulnerability.