OpenCVE

A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Fortinet	Fortinac

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortinac::::::::
	cpe:2.3:a:fortinet:fortinac::::::::
	cpe:2.3:a:fortinet:fortinac::::::::

No data.

References

Link	Providers
https://fortiguard.com/psirt/FG-IR-22-452

History

Tue, 22 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2023-05-03T21:26:54.032Z

Updated: 2024-10-22T20:46:24.743Z

Reserved: 2022-11-23T14:57:05.612Z

Link: CVE-2022-45858

Vulnrichment

Updated: 2024-08-03T14:24:02.964Z

NVD

Status : Modified

Published: 2023-05-03T22:15:15.423

Modified: 2023-11-07T03:54:54.040

Link: CVE-2022-45858

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-45858", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2022-11-23T14:57:05.612Z", "datePublished": "2023-05-03T21:26:54.032Z", "dateUpdated": "2024-10-22T20:46:24.743Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiNAC", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "9.4.0", "lessThanOrEqual": "9.4.1", "status": "affected"}, {"versionType": "semver", "version": "9.2.0", "lessThanOrEqual": "9.2.6", "status": "affected"}, {"versionType": "semver", "version": "9.1.0", "lessThanOrEqual": "9.1.9", "status": "affected"}, {"versionType": "semver", "version": "8.8.0", "lessThanOrEqual": "8.8.11", "status": "affected"}, {"versionType": "semver", "version": "8.7.0", "lessThanOrEqual": "8.7.6", "status": "affected"}, {"version": "7.2.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-05-03T21:26:54.032Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-327", "description": "Improper access control", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:U/RC:R"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiNAC-F version 7.2.1 or above\r\nPlease upgrade to FortiNAC version 9.4.2 or above\r\nPlease upgrade to FortiNAC version 9.2.7 or above"}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-22-452", "url": "https://fortiguard.com/psirt/FG-IR-22-452"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:24:02.964Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-22-452", "url": "https://fortiguard.com/psirt/FG-IR-22-452", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-22T20:18:05.923955Z", "id": "CVE-2022-45858", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T20:46:24.743Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-22-452", "name": "https://fortiguard.com/psirt/FG-IR-22-452", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:24:02.964Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-45858", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T20:18:05.923955Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T20:20:25.221Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.8, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:U/RC:R", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Fortinet", "product": "FortiNAC", "versions": [{"status": "affected", "version": "9.4.0", "versionType": "semver", "lessThanOrEqual": "9.4.1"}, {"status": "affected", "version": "9.2.0", "versionType": "semver", "lessThanOrEqual": "9.2.6"}, {"status": "affected", "version": "9.1.0", "versionType": "semver", "lessThanOrEqual": "9.1.9"}, {"status": "affected", "version": "8.8.0", "versionType": "semver", "lessThanOrEqual": "8.8.11"}, {"status": "affected", "version": "8.7.0", "versionType": "semver", "lessThanOrEqual": "8.7.6"}, {"status": "affected", "version": "7.2.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiNAC-F version 7.2.1 or above\r\nPlease upgrade to FortiNAC version 9.4.2 or above\r\nPlease upgrade to FortiNAC version 9.2.7 or above"}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-22-452", "name": "https://fortiguard.com/psirt/FG-IR-22-452"}], "descriptions": [{"lang": "en", "value": "A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-327", "description": "Improper access control"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-05-03T21:26:54.032Z"}}}, "cveMetadata": {"cveId": "CVE-2022-45858", "state": "PUBLISHED", "dateUpdated": "2024-10-22T20:46:24.743Z", "dateReserved": "2022-11-23T14:57:05.612Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2023-05-03T21:26:54.032Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDA26803-7075-4ABC-8D2E-246A81FEB80F", "versionEndExcluding": "9.1.0", "versionStartIncluding": "8.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*", "matchCriteriaId": "F62A2710-F28E-4F13-8916-4C743869B2D6", "versionEndExcluding": "9.2.6", "versionStartIncluding": "9.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*", "matchCriteriaId": "84AEE221-36B9-41D6-A09F-B0D81AA79576", "versionEndExcluding": "9.4.2", "versionStartIncluding": "9.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks."}], "id": "CVE-2022-45858", "lastModified": "2023-11-07T03:54:54.040", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2023-05-03T22:15:15.423", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-22-452"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-327"}], "source": "psirt@fortinet.com", "type": "Secondary"}]}