An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-22-074 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2022-11-02T00:00:00
Updated: 2024-08-03T04:56:37.592Z
Reserved: 2022-02-25T00:00:00
Link: CVE-2022-26122
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-11-02T12:15:52.747
Modified: 2022-11-04T13:20:04.217
Link: CVE-2022-26122
Redhat
No data.