PT-2022-15343 · Fortinet · FortiAnalyzer, FortiManager

Published

2022-03-01

·

Updated

2023-08-08

·

CVE-2022-22300

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

FortiAnalyzer 5.6.0 through 5.6.11
FortiAnalyzer 6.0.0 through 6.0.11
FortiAnalyzer 6.2.0 through 6.2.9
FortiAnalyzer 6.4.0 through 6.4.7
FortiAnalyzer 7.0.0 through 7.0.2
FortiManager 5.6.0 through 5.6.11
FortiManager 6.0.0 through 6.0.11
FortiManager 6.2.0 through 6.2.9
FortiManager 6.4.0 through 6.4.7
FortiManager 7.0.0 through 7.0.2
Description

Improper handling of insufficient permissions or privileges in FortiAnalyzer and FortiManager. An authenticated attacker holding only low privileges (CVSS PR:L) can bypass the device policy and force a password-change action for a user.
Recommendations

For both FortiAnalyzer and FortiManager, upgrade each appliance to a release later than the affected range of its branch (5.6.0 through 5.6.11, 6.0.0 through 6.0.11, 6.2.0 through 6.2.9, 6.4.0 through 6.4.7, 7.0.0 through 7.0.2). Because the vector requires only low privileges, any authenticated low-privileged account on the appliance can reach this issue; until the upgrade is applied, review which accounts have access and look for password-change actions that the affected users did not initiate.
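Deciding which appliances the ranges above cover is a version comparison across five branches per product, and it is easy to get wrong with string comparison (where "5.6.2" sorts after "5.6.11"). The following is an added example, not part of the advisory and not Fortinet's code, that encodes the affected ranges listed above and triages a constructed inventory against them. The "v7.0.2-build0001" style of version string and the hostnames are assumptions made for the sample.

```python
"""Triage an appliance inventory against the version ranges on this advisory.

Added example, not part of the original advisory and not Fortinet's code.
The ranges are copied from the affected-versions list above; the inventory
records at the bottom are constructed, and the "-buildNNNN" suffix is an
assumption about how versions may be reported.
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Inclusive (first, last) affected release per branch, as listed above.
# The advisory gives identical ranges for both products.
_RANGES: List[Tuple[str, str]] = [
    ("5.6.0", "5.6.11"),
    ("6.0.0", "6.0.11"),
    ("6.2.0", "6.2.9"),
    ("6.4.0", "6.4.7"),
    ("7.0.0", "7.0.2"),
]
AFFECTED_RANGES: Dict[str, List[Tuple[str, str]]] = {
    "FortiAnalyzer": _RANGES,
    "FortiManager": _RANGES,
}

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Parse '7.0.2', 'v7.0.2' or 'v7.0.2-build0001' into an integer tuple.

    Integer tuples compare numerically, so (5, 6, 11) > (5, 6, 2); comparing
    the raw strings would get that backwards and miss the last patch levels
    of a branch.
    """
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(g) for g in match.groups())
    return (major, minor, patch)


def is_affected(product: str, version: str) -> bool:
    """True if the product/version pair falls inside an affected range above."""
    try:
        ranges = AFFECTED_RANGES[product]
    except KeyError:
        raise KeyError(f"{product!r} is not listed on this advisory") from None
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges)


def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return the hostnames whose (product, version) is affected, in inventory order."""
    return [host for host, product, version in inventory if is_affected(product, version)]


# Constructed sample inventory: (hostname, product, reported version).
SAMPLE_INVENTORY = [
    ("faz-dc1", "FortiAnalyzer", "v7.0.2-build0001"),
    ("faz-dc2", "FortiAnalyzer", "v7.0.3-build0001"),
    ("fmg-hq", "FortiManager", "6.4.7"),
    ("fmg-lab", "FortiManager", "6.4.8"),
    ("fmg-legacy", "FortiManager", "5.6.11"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: affected by CVE-2022-22300, upgrade required")
```

The range table is the only part tied to this advisory; the same comparison logic applies to any Fortinet advisory that lists inclusive version ranges per branch.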

Fix

Upgrade to a release later than the affected range of the branch in use, as listed under Recommendations.

Weakness Enumeration

Improper Handling of Exceptional Conditions (CWE-755), the parent class of Improper Handling of Insufficient Permissions or Privileges (CWE-280) described above

Related Identifiers

CVE-2022-22300

Affected Products

FortiAnalyzer
FortiManager