An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert ressources.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-22-502 |
History
Wed, 23 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2023-04-11T16:07:12.104Z
Updated: 2024-10-23T14:28:22.085Z
Reserved: 2023-01-05T10:06:31.523Z
Link: CVE-2023-22642
Vulnrichment
Updated: 2024-08-02T10:13:49.455Z
NVD
Status : Modified
Published: 2023-04-11T17:15:08.150
Modified: 2024-11-21T07:45:06.863
Link: CVE-2023-22642
Redhat
No data.