PSIRT Advisories
FortiTester - Missing account lockout on telnet port
Summary
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in the FortiTester Telnet port may allow an unauthenticated attacker to guess the credentials of an admin user via a brute-force attack.
Affected Products
FortiTester version 7.1.0 through 7.1.1
FortiTester version 7.0.0
FortiTester version 4.2.0 through 4.2.1
FortiTester version 4.1.0 through 4.1.1
FortiTester version 4.0.0
FortiTester version 3.9.0 through 3.9.2
FortiTester version 3.8.0
FortiTester version 3.7.0 through 3.7.1
FortiTester version 3.6.0
FortiTester version 3.5.0 through 3.5.1
FortiTester version 3.4.0
FortiTester version 3.3.0 through 3.3.1
FortiTester version 3.2.0
FortiTester version 3.1.0
FortiTester version 3.0.0
FortiTester version 2.9.0
FortiTester version 2.8.0
FortiTester version 2.7.0
FortiTester version 2.6.0
FortiTester version 2.5.0
FortiTester version 2.4.0 through 2.4.1
FortiTester version 2.3.0
Solutions
Please upgrade to FortiTester version 7.2.0 or above
Please upgrade to FortiTester version 7.1.1 or above
Please upgrade to FortiTester version 4.2.1 or above
Please upgrade to FortiTester version 3.9.2 or above