CVE-2022-45862
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Aug 13, 2024
Updated: Aug 22, 2024
CWE ID 613
Summary
CVE-2022-45862 is an insufficient session expiration vulnerability [CWE-613] affecting FortiOS 7.2.5 and below and all 7.0 versions, as well as all versions of FortiProxy, FortiPAM, and FortiSwitchManager. A web session remains usable after a GUI logout, so an attacker who obtains the necessary credentials can reuse it, potentially leading to unauthorized access to Fortinet devices. Users are advised to update their software to the latest versions to mitigate this risk.
Affected Products
- FortiOS
- Fortinet FortiProxy
- FortiSwitch Manager technologies
Affected Vendors
- Fortinet