CVE-2022-26122

Published Nov 2, 2022

Last updated 2 years ago

CVSS high 8.6

Overview

Description: An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64.
Source: psirt@fortinet.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.6
Impact score: 4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-345

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:antivirus_engine:0.4.23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E472D86-EC41-4AC8-AA7E-E2D94F123680"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:antivirus_engine:2.0.49:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A6024DF-0DB4-420B-8226-1CBD55A92364"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:antivirus_engine:2.0.60:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF2C1609-3538-4419-B75C-32C84B21A75D"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:antivirus_engine:4.4.54:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7051D640-5891-415E-8A77-F68C35134954"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:antivirus_engine:6.33:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AE41E36-D7B9-42F0-9C34-FA18F081B2C0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:antivirus_engine:6.137:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B51453FA-C7D3-481B-BC3B-46D94009E3FA"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:antivirus_engine:6.142:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35E2F910-2553-4DC8-8730-0A0BF16A91B0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:antivirus_engine:6.144:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17870D25-F9BF-47F3-A63F-63DCF0C0A4D1"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:antivirus_engine:6.145:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F532E565-F438-4268-BEE3-F27B9B44EC8F"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:antivirus_engine:6.156:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA32EE02-B802-43B8-A57C-3D8680C22573"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:antivirus_engine:6.157:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "024D9F08-76C9-4E10-873E-6A4B618CE44F"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:antivirus_engine:6.243:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "250CDE83-42CA-4F2C-83DB-1274B3B8C75D"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:antivirus_engine:6.252:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B167E24-C4B2-4A06-8987-D49812D69D29"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:antivirus_engine:6.253:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7B97F13-AB4A-4114-BF89-D57945506991"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01F784BF-4F89-4938-9150-F911E3EB6CD0",
            "versionEndIncluding": "6.0.12",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AEDC7EE8-084C-4F9E-A510-E283FCDF9832",
            "versionEndIncluding": "6.2.9",
            "versionStartIncluding": "6.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0A5C345-7055-4F18-AE77-FF1DBE41AB89",
            "versionEndIncluding": "6.4.6",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43038EC9-6FD3-488C-8CA3-8B4A705C3E11",
            "versionEndIncluding": "7.0.2",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimail:4.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2822C6B9-7FD5-4E1B-907B-F324F28A82A3"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CB40CF0-CC6A-44A5-BC5D-70DC7CA78D49",
            "versionEndIncluding": "6.0.15",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E417AB31-3C1E-47C9-941B-36026B4379E8",
            "versionEndIncluding": "6.2.11",
            "versionStartIncluding": "6.2.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF6F9869-F824-4519-986E-A032668EA7BA",
            "versionEndIncluding": "6.4.10",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE466DB5-F176-45E6-B017-A658A0B74836",
            "versionEndIncluding": "7.0.6",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9B87A2A-4C83-448B-8009-AD20214D58CB"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References