1. Home
  2. CVE Database
  3. CVE-2022-35843
HIGH · 8.1

CVE-2022-35843

An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and ...

Vulnerability Description

An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
FortinetFortiproxy>= 1.2.0, <= 1.2.13
FortinetFortios>= 6.0.0, <= 6.0.15

Related Weaknesses (CWE)

CWE-287CWE-284

References

FAQ

What is CVE-2022-35843?

CVE-2022-35843 is a vulnerability with a CVSS score of 8.1 (HIGH). An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and ...

How severe is CVE-2022-35843?

CVE-2022-35843 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-35843?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortiproxy, Fortinet Fortios.