Severity Rating: HIGH
Software Affected
FortiOS version 7.2.0 through 7.2.1
FortiOS version 7.0.0 through 7.0.7
FortiOS version 6.4.0 through 6.4.9
FortiOS version 6.2 all versions
FortiOS version 6.0 all versions
FortiProxy version 7.0.0 through 7.0.6
FortiProxy version 2.0.0 through 2.0.10
FortiProxy version 1.2.0 all versions
Overview
A vulnerability has been reported in FortiOS and FortiProxy, which could allow an unauthenticated remote attacker to bypass security restrictions on the targeted system.
Description
This vulnerability exists in Fortinet devices due to an authentication bypass by assumed-immutable data flaw in the FortiOS SSH login component. An attacker can exploit this vulnerability by sending a specially crafted Access-Challenge response from the RADIUS server.
Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to bypass security restrictions on the targeted system.
Solution
Upgrade to the latest versions of FortiOS and FortiProxy as mentioned in the vendor advisory.
Vendor Information
Fortiguard
References
CVE Name
CVE-2022-35843
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT for security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.