SB2022080237 - Unverified password change in FortiADC

Published: August 2, 2022

Security Bulletin ID: SB2022080237
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Data manipulation

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Unverified Password Change (CVE-ID: CVE-2022-27484)

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists because the GUI does not verify the current password when a password is changed. An attacker with access to the victim's session can bypass the Old Password check in the password change form and set a new password without knowing the old one.
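The weakness described above (CWE-620, Unverified Password Change) comes down to where the old-password check runs. The following is an added example, not FortiADC code or anything from the vendor: a minimal password-change handler in its weak form, which trusts the form's client-side check, beside a hardened form that re-authenticates the caller on the server before accepting the new password. The user store, usernames and passwords are constructed for the demo.

```python
"""Added example (hypothetical, not FortiADC code): weak vs hardened
password-change handlers. Users and passwords below are constructed."""
import hashlib
import hmac
import os


def hash_password(password, salt=None):
    """Return (salt, PBKDF2-HMAC-SHA256 digest) for a password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def verify_password(password, salt, digest):
    """Constant-time comparison of a candidate password against a stored hash."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


class PasswordChangeError(Exception):
    pass


def change_password_unverified(session_user, form, users):
    """Weak handler: relies on the GUI having checked the old password and
    never re-verifies it server-side. Anyone holding the session (or a
    request that simply omits old_password) can set a new password."""
    users[session_user] = hash_password(form["new_password"])
    return True


def change_password_verified(session_user, form, users):
    """Hardened handler: the server itself checks the old password against
    the stored hash before the change is accepted, and applies a length
    policy to the new one. The session alone is not sufficient."""
    salt, digest = users[session_user]
    if not verify_password(form.get("old_password", ""), salt, digest):
        raise PasswordChangeError("old password does not match")
    new = form["new_password"]
    if len(new) < 12:
        raise PasswordChangeError("new password too short")
    users[session_user] = hash_password(new)
    return True


if __name__ == "__main__":
    # Constructed store: username -> (salt, digest)
    users = {"alice": hash_password("correct horse battery")}
    try:
        # Session present, old password wrong: hardened handler refuses.
        change_password_verified("alice", {"old_password": "wrong",
                                           "new_password": "staple-staple-1"}, users)
    except PasswordChangeError as e:
        print("rejected:", e)
    # Same request against the weak handler silently succeeds.
    change_password_unverified("alice", {"new_password": "staple-staple-1"}, users)
    print("weak handler changed password:",
          verify_password("staple-staple-1", *users["alice"]))
```

The check that matters is the one in `change_password_verified`: the old password is compared against the stored hash on the server, so possession of a session cookie or a tampered form submission is not enough to rotate the credential. A server-side audit log entry on every rejected attempt is also a cheap detection signal for this kind of probing.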


Remediation

Install the update from the vendor's website.