SSH authentication bypass when RADIUS authentication is used Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-255 Final 1 1 2022-12-06T00:00:00 Current version 2022-12-06T00:00:00 2022-12-06T00:00:00 An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server. None Improper access control FortiProxy 7.2 all versions are not affectedFortiProxy version 7.0.0 through 7.0.6FortiProxy version 2.0.0 through 2.0.10FortiProxy 1.2 all versionsFortiProxy 1.1 all versions are not affectedFortiOS version 7.2.0 through 7.2.1FortiOS version 7.0.0 through 7.0.7FortiOS version 6.4.0 through 6.4.9FortiOS 6.2 all versionsFortiOS 6.0 all versions Please upgrade to FortiOS version 7.2.2 or abovePlease upgrade to FortiOS version 7.0.8 or abovePlease upgrade to FortiOS version 6.4.10 or abovePlease upgrade to upcoming FortiOS version 6.2.13 or abovePlease upgrade to FortiProxy version 7.0.7 or abovePlease upgrade to FortiProxy version 2.0.11 or above Fortinet is pleased to thank Egbert Nijmeijer from ICT Teamwork for reporting this vulnerability under responsible disclosure. FortiOS 7.2.1 FortiOS 7.2.0 FortiOS 7.0.7 FortiOS 7.0.6 FortiOS 7.0.5 FortiOS 7.0.4 FortiOS 7.0.3 FortiOS 7.0.2 FortiOS 7.0.1 FortiOS 7.0.0 FortiOS 6.4.9 FortiOS 6.4.8 FortiOS 6.4.7 FortiOS 6.4.6 FortiOS 6.4.5 FortiOS 6.4.4 FortiOS 6.4.3 FortiOS 6.4.2 FortiOS 6.4.1 FortiOS 6.4.0 FortiOS 6.2.12 FortiOS 6.2.11 FortiOS 6.2.10 FortiOS 6.2.9 FortiOS 6.2.8 FortiOS 6.2.7 FortiOS 6.2.6 FortiOS 6.2.5 FortiOS 6.2.4 FortiOS 6.2.3 FortiOS 6.2.2 FortiOS 6.2.1 FortiOS 6.2.0 FortiProxy 7.0.6 FortiProxy 7.0.5 FortiProxy 7.0.4 FortiProxy 7.0.3 FortiProxy 7.0.2 FortiProxy 7.0.1 FortiProxy 7.0.0 FortiProxy 2.0.10 FortiProxy 2.0.9 FortiProxy 2.0.8 FortiProxy 2.0.7 FortiProxy 2.0.6 FortiProxy 2.0.5 FortiProxy 2.0.4 FortiProxy 2.0.3 FortiProxy 2.0.2 FortiProxy 2.0.1 FortiProxy 2.0.0 FortiProxy 1.2.13 FortiProxy 1.2.12 FortiProxy 1.2.11 FortiProxy 1.2.10 FortiProxy 1.2.9 FortiProxy 1.2.8 FortiProxy 1.2.7 FortiProxy 1.2.6 FortiProxy 1.2.5 FortiProxy 1.2.4 FortiProxy 1.2.3 FortiProxy 1.2.2 FortiProxy 1.2.1 FortiProxy 1.2.0 CVE-2022-35843 FortiOS-7.2.1 FortiOS-7.2.0 FortiOS-7.0.7 FortiOS-7.0.6 FortiOS-7.0.5 FortiOS-7.0.4 FortiOS-7.0.3 FortiOS-7.0.2 FortiOS-7.0.1 FortiOS-7.0.0 FortiOS-6.4.9 FortiOS-6.4.8 FortiOS-6.4.7 FortiOS-6.4.6 FortiOS-6.4.5 FortiOS-6.4.4 FortiOS-6.4.3 FortiOS-6.4.2 FortiOS-6.4.1 FortiOS-6.4.0 FortiOS-6.2.12 FortiOS-6.2.11 FortiOS-6.2.10 FortiOS-6.2.9 FortiOS-6.2.8 FortiOS-6.2.7 FortiOS-6.2.6 FortiOS-6.2.5 FortiOS-6.2.4 FortiOS-6.2.3 FortiOS-6.2.2 FortiOS-6.2.1 FortiOS-6.2.0 FortiProxy-7.0.6 FortiProxy-7.0.5 FortiProxy-7.0.4 FortiProxy-7.0.3 FortiProxy-7.0.2 FortiProxy-7.0.1 FortiProxy-7.0.0 FortiProxy-2.0.10 FortiProxy-2.0.9 FortiProxy-2.0.8 FortiProxy-2.0.7 FortiProxy-2.0.6 FortiProxy-2.0.5 FortiProxy-2.0.4 FortiProxy-2.0.3 FortiProxy-2.0.2 FortiProxy-2.0.1 FortiProxy-2.0.0 FortiProxy-1.2.13 FortiProxy-1.2.12 FortiProxy-1.2.11 FortiProxy-1.2.10 FortiProxy-1.2.9 FortiProxy-1.2.8 FortiProxy-1.2.7 FortiProxy-1.2.6 FortiProxy-1.2.5 FortiProxy-1.2.4 FortiProxy-1.2.3 FortiProxy-1.2.2 FortiProxy-1.2.1 FortiProxy-1.2.0 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-22-255 SSH authentication bypass when RADIUS authentication is used Reference>