First published: Tue Apr 11 2023
An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, and 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert resources.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix
---|---|---
Fortinet FortiAnalyzer | >= 6.4.8, < 6.4.11 | Upgrade to FortiAnalyzer version 6.4.11 or above
Fortinet FortiAnalyzer | >= 7.0.0, < 7.0.6 | Upgrade to FortiAnalyzer version 7.0.6 or above
Fortinet FortiAnalyzer | >= 7.2.0, < 7.2.2 | Upgrade to FortiAnalyzer version 7.2.2 or above
Fortinet FortiManager | >= 6.4.8, < 6.4.11 | Upgrade to FortiManager version 6.4.11 or above
Fortinet FortiManager | >= 7.0.0, < 7.0.6 | Upgrade to FortiManager version 7.0.6 or above
Fortinet FortiManager | >= 7.2.0, < 7.2.2 | Upgrade to FortiManager version 7.2.2 or above
This Fortinet vulnerability is tracked as CVE-2023-22642. It affects FortiAnalyzer and FortiManager versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, and 6.4.8 through 6.4.10. Its severity is rated high, with a severity value of 8.1, and it is classified as CWE-295 (Improper Certificate Validation). A remote, unauthenticated attacker can exploit it to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server.
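To make the weakness class behind CWE-295 concrete, the following is an added example written for this page; it is not Fortinet's code and is not derived from the advisory, and it says nothing about how the Fortinet products implement the FortiGuard channel. Using only Python's standard ssl module, it places the client configuration that constitutes improper certificate validation (no chain check, no hostname match) next to the validating configuration, and adds a small audit function a defender can run over a context, plus a repair step. The placeholder hostname, function names and the exact checks are assumptions for illustration.

```python
"""Added example: auditing a TLS client configuration for CWE-295.

Hypothetical code, not Fortinet's implementation. It uses only the
standard library ssl module and runs offline: it never opens a
connection, it only inspects and repairs SSLContext settings.
"""
import ssl

# Constructed placeholder, not a real FortiGuard endpoint.
EXPECTED_HOST = "update.example.invalid"


def verifying_context(cafile=None):
    """Client context that validates the chain and the hostname (the corrected setting)."""
    ctx = ssl.create_default_context(cafile=cafile)
    # create_default_context already sets CERT_REQUIRED and check_hostname=True;
    # pin the protocol floor explicitly so the result does not depend on the Python version.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def unverified_context():
    """Client context that accepts any certificate (the weak setting)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # hostname checking must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # the peer's chain is never validated
    return ctx


def audit_context(ctx):
    """Return a list of findings; an empty list means the context validates its peer."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: any certificate chain is accepted")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: certificate is not matched to the expected hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version is below TLS 1.2")
    return findings


def harden_context(ctx):
    """Repair an insecure context in place and return it."""
    ctx.verify_mode = ssl.CERT_REQUIRED  # must be set before check_hostname can be enabled
    ctx.check_hostname = True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ctx.cert_store_stats()["x509_ca"] == 0:
        # CERT_REQUIRED is only meaningful with trust anchors loaded
        ctx.load_default_certs(ssl.Purpose.SERVER_AUTH)
    return ctx


if __name__ == "__main__":
    for name, ctx in (("verifying", verifying_context()), ("unverified", unverified_context())):
        print(name, "->", audit_context(ctx) or "OK")
    print("after harden ->", audit_context(harden_context(unverified_context())) or "OK")
```

The audit is the part worth reusing: in a code review or a configuration scan, the two settings it flags first (`verify_mode` and `check_hostname`) are exactly what an on-path attacker needs to be left unset for a Man-in-the-Middle against an update or alert channel to succeed, and `harden_context` shows the order in which they must be restored.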