Lucene search

K
hiveproHiveForce LabHIVEPRO:E97E67D35594D6475CCB415ADE5C2ADB
HistoryDec 12, 2022 - 5:43 a.m.

Fortinet addresses Authentication Bypass in addition to numerous flaws

2022-12-1205:43:13
HiveForce Lab
www.hivepro.com
23

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Fortinet addressed security flaws across its products, including a high-severity authentication bypass affecting FortiOS and FortiProxy tracking CVE-2022-35843 in FortiOS's SSH login component. Only when Radius authentication is utilized can the bug be triggered. A remote attacker can circumvent authentication and get access to the device by delivering a specially designed Access-Challenge response from the Radius server. Other weaknesses allow an authenticated attacker to retrieve files and execute arbitrary code via crafted HTTP requests.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Related for HIVEPRO:E97E67D35594D6475CCB415ADE5C2ADB