CVE-2022-38381

Published Nov 2, 2022

Last updated 2 years ago

CVSS critical 9.8

Overview

Description: An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request.
Source: psirt@fortinet.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3674BC9-FCA2-4DFD-8BDC-A5AE0256F293",
            "versionEndIncluding": "5.0.4",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B01E632-37EA-441A-81A6-D6CE9A8997A5",
            "versionEndIncluding": "5.1.7",
            "versionStartIncluding": "5.1.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B546C4E-F9AF-4514-B5A9-BD29A1FE663E",
            "versionEndIncluding": "5.2.8",
            "versionStartIncluding": "5.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3EEDDB2-61AC-43F4-9719-3548057EF30E",
            "versionEndIncluding": "5.3.7",
            "versionStartIncluding": "5.3.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54EBC78D-0358-474F-9654-3EF9950D563B",
            "versionEndIncluding": "5.4.5",
            "versionStartIncluding": "5.4.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3ADB57D8-1ABE-4401-B1B0-4640A34C555A",
            "versionEndIncluding": "6.0.4",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D31CF79E-6C56-4CD0-9DD2-FBB48D503786",
            "versionEndIncluding": "6.1.6",
            "versionStartIncluding": "6.1.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51C6A8FD-8D0D-4CBA-BA34-A34D12CE69ED",
            "versionEndIncluding": "6.2.3",
            "versionStartIncluding": "6.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57372C1E-C3EE-4B19-8B24-79B9824634A2",
            "versionEndIncluding": "7.0.2",
            "versionStartIncluding": "7.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References