CVE-2022-42478 - Vulnerability Details

An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00159.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Fortinet	Fortisiem

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortisiem::::::::
	cpe:2.3:a:fortinet:fortisiem::::::::
	cpe:2.3:a:fortinet:fortisiem::::::::
	cpe:2.3:a:fortinet:fortisiem:5.2.1:::::::*
	cpe:2.3:a:fortinet:fortisiem:5.2.2:::::::*
	cpe:2.3:a:fortinet:fortisiem:5.2.5:::::::*
	cpe:2.3:a:fortinet:fortisiem:5.2.6:::::::*
	cpe:2.3:a:fortinet:fortisiem:5.2.7:::::::*
	cpe:2.3:a:fortinet:fortisiem:5.2.8:::::::*
	cpe:2.3:a:fortinet:fortisiem:5.4.0:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.1.0:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.1.1:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.1.2:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.2.0:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.2.1:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.4.0:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.4.1:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.4.2:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.5.0:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.5.1:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.6.0:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.6.1:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.6.2:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.6.3:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.7.0:::::::*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-45548	An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints.

Fixes

Solution

Please upgrade to FortiSIEM version 7.0.0 or above Please upgrade to FortiSIEM version 6.7.1 or above

Workaround

No workaround given by the vendor.

References

Link	Providers
https://fortiguard.com/psirt/FG-IR-22-258

History

Wed, 23 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2023-06-13T08:41:42.765Z

Updated: 2024-10-23T14:27:01.609Z

Reserved: 2022-10-07T14:05:36.302Z

Link: CVE-2022-42478

Vulnrichment

Updated: 2024-08-03T13:10:40.933Z

NVD

Status : Modified

Published: 2023-06-13T09:15:15.653

Modified: 2024-11-21T07:25:03.170

Link: CVE-2022-42478

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object