CVE-2022-27484

Name of the Vulnerable Software and Affected Versions Fortinet FortiADC versions 5.x.x through 6.2.3

Description The issue allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request. This is achieved by sending a specifically designed request to the password change form, enabling the attacker to change passwords without verifying the old password.

Recommendations For Fortinet FortiADC versions 5.x.x through 6.2.3, consider restricting access to the password change form until a fix is available. As a temporary workaround, monitor password change activities closely to detect potential unauthorized changes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.