7 matches found
CVE-2022-22306
An improper certificate validation vulnerability CWE-295 in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and...
Fortinet Fortigate Lack of certificate verification when establishing secure connections to external end-points (FG-IR-21-239)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-239 advisory. - An improper certificate validation vulnerability CWE-295 in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 throu...
CVE-2022-22306
An improper certificate validation vulnerability CWE-295 in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and...
CVE-2022-22306
An improper certificate validation vulnerability CWE-295 in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and...
CVE-2022-22306
An improper certificate validation vulnerability CWE-295 in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and...
CVE-2022-22306
CVE-2022-22306 affects FortiOS across multiple trains (6.0.0–6.0.14, 6.2.0–6.2.10, 6.4.0–6.4.8, 7.0.0). The root cause is improper certificate validation (CWE-295), enabling a network-adjacent, unauthenticated attacker to perform man-in-the-middle on FortiGate communications with peers (e.g., pri...
Vulnerabilities fixed in FortiOS
Vulnerabilities have been fixed in FortiOS. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights Access to sensitive data Access to system data Fortinet has released updates to...