CVE-2022-42469

Summary

A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS7.2.0 <= 7.2.3affected
FortinetFortiOS7.0.0 <= 7.0.9affected

Weaknesses

  • CWE-183: Improper access control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References