#VU69939 Improper Authentication in FortiOS - CVE-2022-35843

Cybersecurity Help s.r.o.

Published: 2022-12-06

Vulnerability identifier: #VU69939

Vulnerability risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-35843

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FortiOS
Operating systems & Components / Operating system

Vendor: Fortinet, Inc

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in FortiOS SSH login component when processing authentication requests if RADIUS authentication is used. A remote attacker can bypass authentication process and login into the device via sending specially crafted Access-Challenge response from the Radius server.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

FortiOS: 6.4.0 - 6.4.9, 7.0.0 - 7.0.7, 7.2.0 - 7.2.1

External links
https://fortiguard.com/psirt/FG-IR-22-255

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

RADIUS authentication bypass in FortiProxy SSH component

RADIUS authentication bypass in FortiOS SSH component