First published: Thu Jan 05 2023
An incorrect user management vulnerability [CWE-286] in the VDOM creation component of FortiManager version 6.4.6 and below may allow an attacker to access a FortiGate without a password via newly created VDOMs after the super_admin account is deleted.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiManager | >=6.2.0, <6.2.9 | Upgrade to FortiManager version 6.2.9 or above |
Fortinet FortiManager | >=6.4.0, <6.4.8 | Upgrade to FortiManager version 6.4.8 or above |
Fortinet FortiManager | >=7.0.0, <7.0.2 | Upgrade to FortiManager version 7.0.2 or above |
The vulnerability ID for this FortiManager vulnerability is CVE-2022-45857.
The severity of CVE-2022-45857 is high with a severity value of 7.5.
FortiManager versions 6.4.6 and below are affected by CVE-2022-45857.
CVE-2022-45857 allows an attacker to access a FortiGate without a password via newly created VDOMs after the super_admin account is deleted.
You can find more information about CVE-2022-45857 at the FortiGuard PSIRT advisory: https://fortiguard.com/psirt/FG-IR-22-371