#VU68929 Insufficient verification of data authenticity in Fortinet, Inc products - CVE-2022-26122

Cybersecurity Help s.r.o.

Published: 2022-11-02

Vulnerability identifier: #VU68929

Vulnerability risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-26122

CWE-ID: CWE-345

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
AV engine
Hardware solutions / Firmware
Fortinet FortiMail
Server applications / IDS/IPS systems, Firewalls and proxy servers
FortiOS
Operating systems & Components / Operating system

Vendor: Fortinet, Inc

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient verification of data authenticity. A remote attacker can bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

AV engine: 0.4.23 - 6.253

Fortinet FortiMail: 6.0.0 - 7.0.2

FortiOS: 6.0.0 - 6.0.15, 6.2.0 - 6.2.11, 6.4.0 - 6.4.10, 7.0.0 - 7.0.6, 7.2.0

External links
https://fortiguard.fortinet.com/psirt/FG-IR-22-074

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Insufficient verification of data authenticity in Fortinet AV Engine