CVE-2022-43947

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/04/2023
Last modified:
07/11/2023

Description

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* 1.0.0 (including) 2.0.9 (including)
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* 7.0.0 (including) 7.0.8 (excluding)
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* 7.2.0 (including) 7.2.2 (excluding)
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* 6.2.0 (including) 6.4.13 (excluding)
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* 7.0.0 (including) 7.0.11 (excluding)
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* 7.2.0 (including) 7.2.4 (excluding)


References to Advisories, Solutions, and Tools