Input validation

2023-09-0112:15:00

PRIOn knowledge base

www.prio-n.com

certificate validation

vulnerability

fortimanager

fortianalyzer

fortios

fortisandbox

man-in-the-middle attack

network security

nvd

4.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.2%

JSON

An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.

CPENameOperatorVersion
fortianalyzerge6.0.0
fortianalyzerle6.0.12
fortianalyzereq7.0.0
fortianalyzereq7.0.1
fortianalyzereq7.0.2
fortianalyzerge6.2.9
fortianalyzerle6.4.7
fortimanagereq7.0.0
fortimanagereq7.0.1
fortimanagerge6.4.0

Name	Operator	Version
fortianalyzer	ge	6.0.0
fortianalyzer	le	6.0.12
fortianalyzer	eq	7.0.0
fortianalyzer	eq	7.0.1
fortianalyzer	eq	7.0.2
fortianalyzer	ge	6.2.9
fortianalyzer	le	6.4.7
fortimanager	eq	7.0.0
fortimanager	eq	7.0.1
fortimanager	ge	6.4.0