Unverified Password Change in FortiADC - CVE-2022-27484


Published: August 2, 2022


Vulnerability identifier: #VU65982
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-27484
CWE-ID: CWE-620
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: FortiADC
Software vendor: Fortinet, Inc

Description

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists because the password change in the GUI is not verified (CWE-620). An attacker with access to a victim's session can bypass the Old Password check in the password change form and set a new password without knowing the old one.
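As an added illustration of the CWE-620 pattern behind this advisory (hypothetical Python, not FortiADC's code, and not a description of how the FortiADC form itself was implemented): the vulnerable handler trusts the form's claim that the old password was already checked, while the hardened handler re-verifies it server-side and rotates the credential and session version. The user store, field names and password policy are assumptions.

```python
import hashlib
import hmac
import os

# Constructed in-memory user record (assumption): salted PBKDF2 hash plus a session
# version that lets the server reject sessions issued before a password change.
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "session_version": 0}

def verify_password(user: dict, password: str) -> bool:
    # Constant-time comparison of the derived hash against the stored one.
    return hmac.compare_digest(_hash(password, user["salt"]), user["hash"])

def change_password_vulnerable(user: dict, form: dict) -> bool:
    """CWE-620: the server never checks the old password itself; it trusts a flag
    the client submits, so anyone holding the session can set a new password."""
    if not form.get("old_password_ok"):  # client-controlled, so no real check
        return False
    user["salt"] = os.urandom(16)
    user["hash"] = _hash(form["new_password"], user["salt"])
    return True

def change_password_hardened(user: dict, form: dict) -> bool:
    """Re-verify the current password on the server before accepting a change,
    apply a minimal policy, then invalidate sessions issued under the old password."""
    old = form.get("old_password", "")
    new = form.get("new_password", "")
    if not verify_password(user, old):
        return False  # wrong or missing old password: a hijacked session gets nowhere
    if len(new) < 12 or new == old:
        return False
    user["salt"] = os.urandom(16)
    user["hash"] = _hash(new, user["salt"])
    user["session_version"] += 1  # middleware rejects sessions with an older version
    return True
```

A detection-side consequence: a password change that succeeds without a matching old-password verification event in the audit log is the anomaly to alert on.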


Remediation

Install updates from the vendor's website.

External links