- Description
- A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man in the middle [MiTM] attack.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
- Products
- fortimanager, fortianalyzer
CVSS 3.1
- Type
- Primary
- Base score
- 5.9
- Impact score
- 3.6
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- psirt@fortinet.com
- CWE-295
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA03593-75CE-49C0-9F26-9D7D8A60EAAD",
"versionEndExcluding": "7.4.9",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F4A9AA3-C6AA-428B-AE1B-61F61658D642",
"versionEndExcluding": "7.6.5",
"versionStartIncluding": "7.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C441B960-FD52-40BA-8FE1-16E3F2033554",
"versionEndExcluding": "7.4.9",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00645EEE-3E67-4B98-BB49-B23AD1D60B54",
"versionEndExcluding": "7.6.5",
"versionStartIncluding": "7.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]