Vulnerability Monitor


CVE-2022-26122


An insufficient verification of data authenticity vulnerability [CWE-345] in the FortiClient, FortiMail and FortiOS AV engines, version 6.2.168 and below and version 6.4.274 and below, may allow an attacker to bypass the AV engine by manipulating a MIME attachment with junk and pad characters in base64.


Published

2022-11-02T12:15:52.747

Last Modified

2024-11-21T06:53:28.560

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.7 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-345

Affected Vendors & Products
Type              Vendor    Product           Version/Range  Vulnerable?
Application       fortinet  antivirus_engine  0.4.23         Yes
Application       fortinet  antivirus_engine  2.0.49         Yes
Application       fortinet  antivirus_engine  2.0.60         Yes
Application       fortinet  antivirus_engine  4.4.54         Yes
Application       fortinet  antivirus_engine  6.33           Yes
Application       fortinet  antivirus_engine  6.137          Yes
Application       fortinet  antivirus_engine  6.142          Yes
Application       fortinet  antivirus_engine  6.144          Yes
Application       fortinet  antivirus_engine  6.145          Yes
Application       fortinet  antivirus_engine  6.156          Yes
Application       fortinet  antivirus_engine  6.157          Yes
Application       fortinet  antivirus_engine  6.243          Yes
Application       fortinet  antivirus_engine  6.252          Yes
Application       fortinet  antivirus_engine  6.253          Yes
Application       fortinet  fortimail         ≤ 6.0.12       Yes
Application       fortinet  fortimail         ≤ 6.2.9        Yes
Application       fortinet  fortimail         ≤ 6.4.6        Yes
Application       fortinet  fortimail         ≤ 7.0.2        Yes
Application       fortinet  fortimail         4.1.0          Yes
Operating System  fortinet  fortios           ≤ 6.0.15       Yes
Operating System  fortinet  fortios           ≤ 6.2.11       Yes
Operating System  fortinet  fortios           ≤ 6.4.10       Yes
Operating System  fortinet  fortios           ≤ 7.0.6        Yes
Operating System  fortinet  fortios           7.2.0          Yes
