PT-2022-15346 · Fortinet · FortiAnalyzer +3

Published: 2022-06-07 · Updated: 2023-09-07 · CVE-2022-22305

CVSS v3.1: 5.4 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

FortiManager versions 7.0.1 and below, 6.4.6 and below
FortiAnalyzer versions 7.0.2 and below, 6.4.7 and below
FortiOS versions 6.2.x and 6.0.x
FortiSandbox versions 4.0.x, 3.2.x and 3.1.x
Description

An improper certificate validation issue may allow a network-adjacent, unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.
Recommendations

For FortiManager versions 7.0.1 and below, 6.4.6 and below, update to a version above 7.0.1 and 6.4.6.
For FortiAnalyzer versions 7.0.2 and below, 6.4.7 and below, update to a version above 7.0.2 and 6.4.7.
For FortiOS versions 6.2.x and 6.0.x, update to a version outside of the 6.2.x and 6.0.x range.
For FortiSandbox versions 4.0.x, 3.2.x and 3.1.x, update to a version outside of the 4.0.x, 3.2.x and 3.1.x range.

As a temporary workaround, consider restricting the communication between the listed products and external peers to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

CVE-2022-22305

Affected Products

FortiAnalyzer
FortiManager
FortiOS
FortiSandbox