CVE-2022-45862

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 13, 2024
Updated: Aug 22, 2024
CWE ID 613

Summary

CVE-2022-45862 is an insufficient session expiration vulnerability [CWE-613] affecting FortiOS 7.2.5 and below and all 7.0 versions, as well as all versions of FortiProxy, FortiPAM, and FortiSwitchManager. The issue allows attackers to reuse web sessions after a GUI logout if they obtain the necessary credentials, potentially leading to unauthorized access to Fortinet devices. Users are advised to update their software to the latest versions to mitigate this risk.

Affected Products

  • FortiOS
  • Fortinet FortiProxy
  • FortiSwitch Manager technologies

Affected Vendors

  • Fortinet