CVE-2022-42469 : A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version

A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal.

Published 2023-04-11 17:15:07

Updated 2023-04-18 20:14:13

Source Fortinet, Inc.

View at NVD, CVE.org

Products affected by CVE-2022-42469

Fortinet » Fortios
Versions from including (>=) 7.2.0 and before (<) 7.2.4
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortios
Versions from including (>=) 7.0.0 and before (<) 7.0.11
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-42469

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 16 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-42469

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	2.8	1.4	Fortinet, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None

References for CVE-2022-42469

https://fortiguard.com/psirt/FG-IR-22-381

PSIRT Advisories | FortiGuard
Vendor Advisory

Jump to

Vulnerability Details : CVE-2022-42469

Products affected by CVE-2022-42469

Exploit prediction scoring system (EPSS) score for CVE-2022-42469

CVSS scores for CVE-2022-42469

References for CVE-2022-42469