Lack of certificate verification when establishing secure connections

Lack of certificate verification when establishing secure connections Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-18-292 Final 1 1 2022-06-07T00:00:00 Current version 2022-06-07T00:00:00 2022-06-07T00:00:00 An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer, FortiManager, and FortiSandbox may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers. None Information disclosure FortiAnalyzer 7.0.2 FortiAnalyzer 7.0.1 FortiAnalyzer 7.0.0 FortiAnalyzer 6.4.7 FortiAnalyzer 6.4.6 FortiAnalyzer 6.4.5 FortiAnalyzer 6.4.4 FortiAnalyzer 6.4.3 FortiAnalyzer 6.4.2 FortiAnalyzer 6.4.1 FortiAnalyzer 6.4.0 FortiAnalyzer 6.2.13 FortiAnalyzer 6.2.12 FortiAnalyzer 6.2.11 FortiAnalyzer 6.2.10 FortiAnalyzer 6.2.9 FortiAnalyzer 6.2.8 FortiAnalyzer 6.2.7 FortiAnalyzer 6.2.6 FortiAnalyzer 6.2.5 FortiAnalyzer 6.2.4 FortiAnalyzer 6.2.3 FortiAnalyzer 6.2.2 FortiAnalyzer 6.2.1 FortiAnalyzer 6.2.0 FortiAnalyzer 6.0.12 FortiAnalyzer 6.0.11 FortiAnalyzer 6.0.10 FortiAnalyzer 6.0.9 FortiAnalyzer 6.0.8 FortiAnalyzer 6.0.7 FortiAnalyzer 6.0.6 FortiAnalyzer 6.0.5 FortiAnalyzer 6.0.4 FortiAnalyzer 6.0.3 FortiAnalyzer 6.0.2 FortiAnalyzer 6.0.1 FortiAnalyzer 6.0.0 FortiManager 7.0.1 FortiManager 7.0.0 FortiManager 6.4.6 FortiManager 6.4.5 FortiManager 6.4.4 FortiManager 6.4.3 FortiManager 6.4.2 FortiManager 6.4.1 FortiManager 6.4.0 FortiManager 6.2.11 FortiManager 6.2.10 FortiManager 6.2.9 FortiManager 6.2.8 FortiManager 6.2.7 FortiManager 6.2.6 FortiManager 6.2.5 FortiManager 6.2.4 FortiManager 6.2.3 FortiManager 6.2.2 FortiManager 6.2.1 FortiManager 6.2.0 FortiManager 6.0.12 FortiManager 6.0.11 FortiManager 6.0.10 FortiManager 6.0.9 FortiManager 6.0.8 FortiManager 6.0.7 FortiManager 6.0.6 FortiManager 6.0.5 FortiManager 6.0.4 FortiManager 6.0.3 FortiManager 6.0.2 FortiManager 6.0.1 FortiManager 6.0.0 FortiOS 6.2.15 FortiOS 6.2.14 FortiOS 6.2.13 FortiOS 6.2.12 FortiOS 6.2.11 FortiOS 6.2.10 FortiOS 6.2.9 FortiOS 6.2.8 FortiOS 6.2.7 FortiOS 6.2.6 FortiOS 6.2.5 FortiOS 6.2.4 FortiOS 6.2.3 FortiOS 6.2.2 FortiOS 6.2.1 FortiOS 6.2.0 FortiOS 6.0.17 FortiOS 6.0.16 FortiOS 6.0.15 FortiOS 6.0.14 FortiOS 6.0.13 FortiOS 6.0.12 FortiOS 6.0.11 FortiOS 6.0.10 FortiOS 6.0.9 FortiOS 6.0.8 FortiOS 6.0.7 FortiOS 6.0.6 FortiOS 6.0.5 FortiOS 6.0.4 FortiOS 6.0.3 FortiOS 6.0.2 FortiOS 6.0.1 FortiOS 6.0.0 FortiOS 5.6.14 FortiOS 5.6.13 FortiOS 5.6.12 FortiOS 5.6.11 FortiOS 5.6.10 FortiSandbox 4.0.2 FortiSandbox 4.0.1 FortiSandbox 4.0.0 FortiSandbox 3.2.4 FortiSandbox 3.2.3 FortiSandbox 3.2.2 FortiSandbox 3.2.1 FortiSandbox 3.2.0 FortiSandbox 3.1.5 FortiSandbox 3.1.4 FortiSandbox 3.1.3 FortiSandbox 3.1.2 FortiSandbox 3.1.1 FortiSandbox 3.1.0 FortiSandbox 3.0.7 FortiSandbox 3.0.6 FortiSandbox 3.0.5 FortiSandbox 3.0.4 FortiSandbox 3.0.3 FortiSandbox 3.0.2 FortiSandbox 3.0.1 FortiSandbox 3.0.0 Lack of certificate verification when establishing secure connections CVE-2022-22305 FortiAnalyzer-7.0.2 FortiAnalyzer-7.0.1 FortiAnalyzer-7.0.0 FortiAnalyzer-6.4.7 FortiAnalyzer-6.4.6 FortiAnalyzer-6.4.5 FortiAnalyzer-6.4.4 FortiAnalyzer-6.4.3 FortiAnalyzer-6.4.2 FortiAnalyzer-6.4.1 FortiAnalyzer-6.4.0 FortiAnalyzer-6.2.13 FortiAnalyzer-6.2.12 FortiAnalyzer-6.2.11 FortiAnalyzer-6.2.10 FortiAnalyzer-6.2.9 FortiAnalyzer-6.2.8 FortiAnalyzer-6.2.7 FortiAnalyzer-6.2.6 FortiAnalyzer-6.2.5 FortiAnalyzer-6.2.4 FortiAnalyzer-6.2.3 FortiAnalyzer-6.2.2 FortiAnalyzer-6.2.1 FortiAnalyzer-6.2.0 FortiAnalyzer-6.0.12 FortiAnalyzer-6.0.11 FortiAnalyzer-6.0.10 FortiAnalyzer-6.0.9 FortiAnalyzer-6.0.8 FortiAnalyzer-6.0.7 FortiAnalyzer-6.0.6 FortiAnalyzer-6.0.5 FortiAnalyzer-6.0.4 FortiAnalyzer-6.0.3 FortiAnalyzer-6.0.2 FortiAnalyzer-6.0.1 FortiAnalyzer-6.0.0 FortiManager-7.0.1 FortiManager-7.0.0 FortiManager-6.4.6 FortiManager-6.4.5 FortiManager-6.4.4 FortiManager-6.4.3 FortiManager-6.4.2 FortiManager-6.4.1 FortiManager-6.4.0 FortiManager-6.2.11 FortiManager-6.2.10 FortiManager-6.2.9 FortiManager-6.2.8 FortiManager-6.2.7 FortiManager-6.2.6 FortiManager-6.2.5 FortiManager-6.2.4 FortiManager-6.2.3 FortiManager-6.2.2 FortiManager-6.2.1 FortiManager-6.2.0 FortiManager-6.0.12 FortiManager-6.0.11 FortiManager-6.0.10 FortiManager-6.0.9 FortiManager-6.0.8 FortiManager-6.0.7 FortiManager-6.0.6 FortiManager-6.0.5 FortiManager-6.0.4 FortiManager-6.0.3 FortiManager-6.0.2 FortiManager-6.0.1 FortiManager-6.0.0 FortiOS-6.2.15 FortiOS-6.2.14 FortiOS-6.2.13 FortiOS-6.2.12 FortiOS-6.2.11 FortiOS-6.2.10 FortiOS-6.2.9 FortiOS-6.2.8 FortiOS-6.2.7 FortiOS-6.2.6 FortiOS-6.2.5 FortiOS-6.2.4 FortiOS-6.2.3 FortiOS-6.2.2 FortiOS-6.2.1 FortiOS-6.2.0 FortiOS-6.0.17 FortiOS-6.0.16 FortiOS-6.0.15 FortiOS-6.0.14 FortiOS-6.0.13 FortiOS-6.0.12 FortiOS-6.0.11 FortiOS-6.0.10 FortiOS-6.0.9 FortiOS-6.0.8 FortiOS-6.0.7 FortiOS-6.0.6 FortiOS-6.0.5 FortiOS-6.0.4 FortiOS-6.0.3 FortiOS-6.0.2 FortiOS-6.0.1 FortiOS-6.0.0 FortiOS-5.6.14 FortiOS-5.6.13 FortiOS-5.6.12 FortiOS-5.6.11 FortiOS-5.6.10 FortiSandbox-4.0.2 FortiSandbox-4.0.1 FortiSandbox-4.0.0 FortiSandbox-3.2.4 FortiSandbox-3.2.3 FortiSandbox-3.2.2 FortiSandbox-3.2.1 FortiSandbox-3.2.0 FortiSandbox-3.1.5 FortiSandbox-3.1.4 FortiSandbox-3.1.3 FortiSandbox-3.1.2 FortiSandbox-3.1.1 FortiSandbox-3.1.0 FortiSandbox-3.0.7 FortiSandbox-3.0.6 FortiSandbox-3.0.5 FortiSandbox-3.0.4 FortiSandbox-3.0.3 FortiSandbox-3.0.2 FortiSandbox-3.0.1 FortiSandbox-3.0.0 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-18-292 Lack of certificate verification when establishing secure connections Reference>