ByteOS Network

NVD Vulnerability Details :

CVE-2022-45858

Modified

Source-psirt@fortinet.com

Published At-03 May, 2023 | 22:15

Updated At-07 Nov, 2023 | 03:54

A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.4	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Secondary	3.1	4.2	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Type: Primary

Version: 3.1

Base score: 7.4

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 4.2

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

CPE Matches

Fortinet, Inc.

>>fortinac>>Versions from 8.7.0(inclusive) to 9.1.0(exclusive)

cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*

Fortinet, Inc.

>>fortinac>>Versions from 9.2.0(inclusive) to 9.2.6(exclusive)

cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*

Fortinet, Inc.

>>fortinac>>Versions from 9.4.0(inclusive) to 9.4.2(exclusive)

cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-327	Primary	nvd@nist.gov
CWE-327	Secondary	psirt@fortinet.com

CWE ID: CWE-327

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-327

Type: Secondary

Source: psirt@fortinet.com

References

Hyperlink	Source	Resource
https://fortiguard.com/psirt/FG-IR-22-452	psirt@fortinet.com	Vendor Advisory

Hyperlink: https://fortiguard.com/psirt/FG-IR-22-452

Source: psirt@fortinet.com

Resource:

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History