An attacker can exploit the lack of verification of data authenticity in the AV engine [CWE-345] via a MIME email attachment to inject malicious HTML content or to perform malicious actions on the system.

An incorrect validation of data formats vulnerability [CWE-20] in FortiGate and FortiManager web interfaces may allow a remote attacker to bypass authentication via a crafted request.

An inadequate certificate validation vulnerability [CWE-20] in FortiGate and FortiManager web interfaces may allow a remote attacker to bypass authentication via a crafted request.

An inadequate input validation vulnerability [CWE-20] in FortiGate and FortiManager web interfaces may allow a remote attacker to bypass authentication via a crafted request.


References

1. CWE-345: MIME email attachment to inject malicious HTML content
2. CWE-20: Incorrect validation of data formats vulnerability
3. CWE-20: Inadequate input validation vulnerability

References

CWE-20: Incorrect validation of data formats vulnerability [CWE-20]
CWE-345: CVE-2022-26122: An attacker can exploit the lack of verification of data authenticity in the AV engine [CWE-345] via a MIME email attachment to inject malicious HTML content or to perform malicious actions on the system.
CWE-20: An inadequate input validation vulnerability [CWE-20] in FortiGate and FortiManager web interfaces may allow a remote attacker to bypass authentication via a crafted request.

Timeline

Published on: 11/02/2022 12:15:00 UTC
Last modified on: 11/04/2022 13:20:00 UTC
