Multiple products - Lack of certificate verification when establishing secure connections
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-18-292
Final
1
1
2022-06-07T00:00:00
Current version
2022-06-07T00:00:00
2022-06-07T00:00:00
An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer, FortiManager, and FortiSandbox may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.
None
Information disclosure
FortiAnalyzer 7.0.2
FortiAnalyzer 7.0.1
FortiAnalyzer 7.0.0
FortiAnalyzer 6.4.7
FortiAnalyzer 6.4.6
FortiAnalyzer 6.4.5
FortiAnalyzer 6.4.4
FortiAnalyzer 6.4.3
FortiAnalyzer 6.4.2
FortiAnalyzer 6.4.1
FortiAnalyzer 6.4.0
FortiAnalyzer 6.2.12
FortiAnalyzer 6.2.11
FortiAnalyzer 6.2.10
FortiAnalyzer 6.2.9
FortiAnalyzer 6.2.8
FortiAnalyzer 6.2.7
FortiAnalyzer 6.2.6
FortiAnalyzer 6.2.5
FortiAnalyzer 6.2.4
FortiAnalyzer 6.2.3
FortiAnalyzer 6.2.2
FortiAnalyzer 6.2.1
FortiAnalyzer 6.2.0
FortiAnalyzer 6.0.12
FortiAnalyzer 6.0.11
FortiAnalyzer 6.0.10
FortiAnalyzer 6.0.9
FortiAnalyzer 6.0.8
FortiAnalyzer 6.0.7
FortiAnalyzer 6.0.6
FortiAnalyzer 6.0.5
FortiAnalyzer 6.0.4
FortiAnalyzer 6.0.3
FortiAnalyzer 6.0.2
FortiAnalyzer 6.0.1
FortiAnalyzer 6.0.0
FortiManager 7.0.1
FortiManager 7.0.0
FortiManager 6.4.6
FortiManager 6.4.5
FortiManager 6.4.4
FortiManager 6.4.3
FortiManager 6.4.2
FortiManager 6.4.1
FortiManager 6.4.0
FortiManager 6.2.11
FortiManager 6.2.10
FortiManager 6.2.9
FortiManager 6.2.8
FortiManager 6.2.7
FortiManager 6.2.6
FortiManager 6.2.5
FortiManager 6.2.4
FortiManager 6.2.3
FortiManager 6.2.2
FortiManager 6.2.1
FortiManager 6.2.0
FortiManager 6.0.12
FortiManager 6.0.11
FortiManager 6.0.10
FortiManager 6.0.9
FortiManager 6.0.8
FortiManager 6.0.7
FortiManager 6.0.6
FortiManager 6.0.5
FortiManager 6.0.4
FortiManager 6.0.3
FortiManager 6.0.2
FortiManager 6.0.1
FortiManager 6.0.0
FortiOS 6.2.15
FortiOS 6.2.14
FortiOS 6.2.13
FortiOS 6.2.12
FortiOS 6.2.11
FortiOS 6.2.10
FortiOS 6.2.9
FortiOS 6.2.8
FortiOS 6.2.7
FortiOS 6.2.6
FortiOS 6.2.5
FortiOS 6.2.4
FortiOS 6.2.3
FortiOS 6.2.2
FortiOS 6.2.1
FortiOS 6.2.0
FortiOS 6.0.17
FortiOS 6.0.16
FortiOS 6.0.15
FortiOS 6.0.14
FortiOS 6.0.13
FortiOS 6.0.12
FortiOS 6.0.11
FortiOS 6.0.10
FortiOS 6.0.9
FortiOS 6.0.8
FortiOS 6.0.7
FortiOS 6.0.6
FortiOS 6.0.5
FortiOS 6.0.4
FortiOS 6.0.3
FortiOS 6.0.2
FortiOS 6.0.1
FortiOS 6.0.0
FortiOS 5.6.14
FortiOS 5.6.13
FortiOS 5.6.12
FortiOS 5.6.11
FortiOS 5.6.10
FortiSandbox 4.0.2
FortiSandbox 4.0.1
FortiSandbox 4.0.0
FortiSandbox 3.2.4
FortiSandbox 3.2.3
FortiSandbox 3.2.2
FortiSandbox 3.2.1
FortiSandbox 3.2.0
FortiSandbox 3.1.5
FortiSandbox 3.1.4
FortiSandbox 3.1.3
FortiSandbox 3.1.2
FortiSandbox 3.1.1
FortiSandbox 3.1.0
FortiSandbox 3.0.7
FortiSandbox 3.0.6
FortiSandbox 3.0.5
FortiSandbox 3.0.4
FortiSandbox 3.0.3
FortiSandbox 3.0.2
FortiSandbox 3.0.1
FortiSandbox 3.0.0
Multiple products - Lack of certificate verification when establishing secure connections
CVE-2022-22305
FortiAnalyzer-7.0.2
FortiAnalyzer-7.0.1
FortiAnalyzer-7.0.0
FortiAnalyzer-6.4.7
FortiAnalyzer-6.4.6
FortiAnalyzer-6.4.5
FortiAnalyzer-6.4.4
FortiAnalyzer-6.4.3
FortiAnalyzer-6.4.2
FortiAnalyzer-6.4.1
FortiAnalyzer-6.4.0
FortiAnalyzer-6.2.12
FortiAnalyzer-6.2.11
FortiAnalyzer-6.2.10
FortiAnalyzer-6.2.9
FortiAnalyzer-6.2.8
FortiAnalyzer-6.2.7
FortiAnalyzer-6.2.6
FortiAnalyzer-6.2.5
FortiAnalyzer-6.2.4
FortiAnalyzer-6.2.3
FortiAnalyzer-6.2.2
FortiAnalyzer-6.2.1
FortiAnalyzer-6.2.0
FortiAnalyzer-6.0.12
FortiAnalyzer-6.0.11
FortiAnalyzer-6.0.10
FortiAnalyzer-6.0.9
FortiAnalyzer-6.0.8
FortiAnalyzer-6.0.7
FortiAnalyzer-6.0.6
FortiAnalyzer-6.0.5
FortiAnalyzer-6.0.4
FortiAnalyzer-6.0.3
FortiAnalyzer-6.0.2
FortiAnalyzer-6.0.1
FortiAnalyzer-6.0.0
FortiManager-7.0.1
FortiManager-7.0.0
FortiManager-6.4.6
FortiManager-6.4.5
FortiManager-6.4.4
FortiManager-6.4.3
FortiManager-6.4.2
FortiManager-6.4.1
FortiManager-6.4.0
FortiManager-6.2.11
FortiManager-6.2.10
FortiManager-6.2.9
FortiManager-6.2.8
FortiManager-6.2.7
FortiManager-6.2.6
FortiManager-6.2.5
FortiManager-6.2.4
FortiManager-6.2.3
FortiManager-6.2.2
FortiManager-6.2.1
FortiManager-6.2.0
FortiManager-6.0.12
FortiManager-6.0.11
FortiManager-6.0.10
FortiManager-6.0.9
FortiManager-6.0.8
FortiManager-6.0.7
FortiManager-6.0.6
FortiManager-6.0.5
FortiManager-6.0.4
FortiManager-6.0.3
FortiManager-6.0.2
FortiManager-6.0.1
FortiManager-6.0.0
FortiOS-6.2.15
FortiOS-6.2.14
FortiOS-6.2.13
FortiOS-6.2.12
FortiOS-6.2.11
FortiOS-6.2.10
FortiOS-6.2.9
FortiOS-6.2.8
FortiOS-6.2.7
FortiOS-6.2.6
FortiOS-6.2.5
FortiOS-6.2.4
FortiOS-6.2.3
FortiOS-6.2.2
FortiOS-6.2.1
FortiOS-6.2.0
FortiOS-6.0.17
FortiOS-6.0.16
FortiOS-6.0.15
FortiOS-6.0.14
FortiOS-6.0.13
FortiOS-6.0.12
FortiOS-6.0.11
FortiOS-6.0.10
FortiOS-6.0.9
FortiOS-6.0.8
FortiOS-6.0.7
FortiOS-6.0.6
FortiOS-6.0.5
FortiOS-6.0.4
FortiOS-6.0.3
FortiOS-6.0.2
FortiOS-6.0.1
FortiOS-6.0.0
FortiOS-5.6.14
FortiOS-5.6.13
FortiOS-5.6.12
FortiOS-5.6.11
FortiOS-5.6.10
FortiSandbox-4.0.2
FortiSandbox-4.0.1
FortiSandbox-4.0.0
FortiSandbox-3.2.4
FortiSandbox-3.2.3
FortiSandbox-3.2.2
FortiSandbox-3.2.1
FortiSandbox-3.2.0
FortiSandbox-3.1.5
FortiSandbox-3.1.4
FortiSandbox-3.1.3
FortiSandbox-3.1.2
FortiSandbox-3.1.1
FortiSandbox-3.1.0
FortiSandbox-3.0.7
FortiSandbox-3.0.6
FortiSandbox-3.0.5
FortiSandbox-3.0.4
FortiSandbox-3.0.3
FortiSandbox-3.0.2
FortiSandbox-3.0.1
FortiSandbox-3.0.0
5.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-18-292
Multiple products - Lack of certificate verification when establishing secure connections
Reference>